[ci] Migrate to the 1ES template

Context: https://aka.ms/1espt The build pipeline has been updated to extend the 1ES pipeline template, which will keep the pipeline up to date with the latest compliance and security requirements. Compliance tasks and scans will run automatically as part of artifact upload steps.
dotnet · pjcollins · Mar 4, 2024 · Feb 21, 2024 · Feb 21, 2024 · Feb 21, 2024
commit 18ef8241414a0f4aed429cf19ada929a2c475ea6
@@ -118,9 +118,6 @@ stages:
     steps:
     - template: yaml-templates/setup-test-environment.yaml
       parameters:
-        installLegacyDotNet: false
-        restoreNUnitConsole: false
-        updateMono: false
         xaprepareScenario: EmulatorTestDependencies
         jdkTestFolder: $(JAVA_HOME_11_X64)
 
@@ -200,9 +197,6 @@ stages:
     - template: yaml-templates/setup-test-environment.yaml
       parameters:
         installTestSlicer: true
-        installLegacyDotNet: false
-        restoreNUnitConsole: false
-        updateMono: false
         xaprepareScenario: EmulatorTestDependencies
         jdkTestFolder: $HOME/android-toolchain/jdk-17
 
@@ -258,9 +252,6 @@ stages:
     - template: yaml-templates/setup-test-environment.yaml
       parameters:
         installTestSlicer: true
-        installLegacyDotNet: false
-        restoreNUnitConsole: false
-        updateMono: false
         xaprepareScenario: EmulatorTestDependencies
         jdkTestFolder: $HOME/android-toolchain/jdk-17
 
@@ -303,9 +294,6 @@ stages:
     - template: yaml-templates/setup-test-environment.yaml
       parameters:
         installApkDiff: false
-        installLegacyDotNet: false
-        restoreNUnitConsole: false
-        updateMono: false
 
     - task: DownloadPipelineArtifact@2
       displayName: Download binutils pdbs

@@ -9,41 +9,24 @@ parameters:
   testResultsFormat: NUnit
   artifactSource: ""
   artifactFolder: ""
-  useDotNet: true
   condition: succeeded()
   retryCountOnTaskFailure: 1
 
 steps:
-- ${{ if eq(parameters.useDotNet, false) }}:
-  - task: MSBuild@1
+- template: run-dotnet-preview.yaml@self
+  parameters:
+    configuration: ${{ parameters.buildConfiguration }}
+    xaSourcePath: ${{ parameters.xaSourcePath }}
     displayName: run ${{ parameters.testName }}
-    inputs:
-      solution: ${{ parameters.project }}
-      configuration: ${{ parameters.configuration }}
-      msbuildArguments: >-
-        /restore
-        /t:RunTestApp
-        /bl:${{ parameters.xaSourcePath }}/bin/Test${{ parameters.configuration }}/run-${{ parameters.testName }}.binlog
-        ${{ parameters.extraBuildArgs }}
+    project: ${{ parameters.project }}
+    arguments: >-
+      -t:RunTestApp
+      -bl:${{ parameters.xaSourcePath }}/bin/Test${{ parameters.configuration }}/run-${{ parameters.testName }}.binlog
+      -v:n -c ${{ parameters.configuration }} ${{ parameters.extraBuildArgs }}
     condition: ${{ parameters.condition }}
     continueOnError: true
     retryCountOnTaskFailure: ${{ parameters.retryCountOnTaskFailure }}
 
-- ${{ if eq(parameters.useDotNet, true) }}:
-  - template: run-dotnet-preview.yaml
-    parameters:
-      configuration: ${{ parameters.buildConfiguration }}
-      xaSourcePath: ${{ parameters.xaSourcePath }}
-      displayName: run ${{ parameters.testName }}
-      project: ${{ parameters.project }}
-      arguments: >-
-        -t:RunTestApp
-        -bl:${{ parameters.xaSourcePath }}/bin/Test${{ parameters.configuration }}/run-${{ parameters.testName }}.binlog
-        -v:n -c ${{ parameters.configuration }} ${{ parameters.extraBuildArgs }}
-      condition: ${{ parameters.condition }}
-      continueOnError: true
-      retryCountOnTaskFailure: ${{ parameters.retryCountOnTaskFailure }}
-
 - script: >
     DEST="$(Build.StagingDirectory)/Test${{ parameters.configuration }}/${{ parameters.artifactFolder }}/" &&
     mkdir -p "$DEST" &&

@@ -1,6 +1,4 @@
 parameters:
-  buildPoolName: $(LinuxBuildPoolName)
-  buildPoolImage: $(LinuxBuildPoolImage)
   buildResultArtifactName: Build Results - Linux
   checkoutCommit: ''
   checkoutPath: 's/xamarin-android'
@@ -24,8 +22,9 @@ stages:
   - job: ${{ parameters.jobName }}
     displayName: ${{ parameters.jobDisplayName }}
     pool:
-      name: ${{ parameters.buildPoolName }}
-      vmImage: ${{ parameters.buildPoolImage }}
+      name: AzurePipelines-EO
+      vmImage: $(LinuxPoolImage1ESPT)
+      os: linux
     timeoutInMinutes: 180
     workspace:
       clean: all
@@ -44,7 +43,7 @@ stages:
     #  https://learn.microsoft.com/en-us/azure/devops/pipelines/repos/multi-repo-checkout?view=azure-devops#checkout-path
     - checkout: maui
 
-    - template: setup-ubuntu.yaml
+    - template: setup-ubuntu.yaml@self
 
     - ${{ if ne(variables['System.PullRequest.IsFork'], 'True') }}:
       - checkout: monodroid
@@ -90,33 +89,10 @@ stages:
         artifactName: ${{ parameters.nugetArtifactName }}
         targetPath: $(System.DefaultWorkingDirectory)/xamarin-android/bin/Build$(XA.Build.Configuration)/nuget-linux
 
-    - powershell: |
-        [IO.Directory]::CreateDirectory("$(Build.StagingDirectory)/empty")
-        [IO.Directory]::CreateDirectory("$(Build.StagingDirectory)/sbom-components")
-      displayName: create SBOM directories
-      condition: and(succeeded(), eq(variables['MicroBuildSignType'], 'Real'))
-
-    - task: AzureArtifacts.manifest-generator-task.manifest-generator-task.ManifestGeneratorTask@0
-      displayName: generate components SBOM
-      condition: and(succeeded(), eq(variables['MicroBuildSignType'], 'Real'))
-      inputs:
-        BuildDropPath: $(Build.StagingDirectory)/empty
-        BuildComponentPath: $(System.DefaultWorkingDirectory)/xamarin-android
-        ManifestDirPath: $(Build.StagingDirectory)/sbom-components
-        PackageName: .NET Android
-        Verbosity: Verbose
-
-    - task: PublishBuildArtifacts@1
-      displayName: publish components SBOM
-      condition: and(succeeded(), eq(variables['MicroBuildSignType'], 'Real'))
-      inputs:
-        artifactName: sbom-components-linux
-        pathToPublish: $(Build.StagingDirectory)/sbom-components
-
-    - template: upload-results.yaml
+    - template: upload-results.yaml@self
       parameters:
         xaSourcePath: $(System.DefaultWorkingDirectory)/xamarin-android
         artifactName: ${{ parameters.buildResultArtifactName }}
         includeBuildResults: true
 
-    - template: fail-on-issue.yaml
+    - template: fail-on-issue.yaml@self
@@ -1,6 +1,4 @@
 parameters:
-  buildPoolName: $(MacBuildPoolName)
-  buildPoolImage: $(MacBuildPoolImage)
   buildResultArtifactName: Build Results - macOS
   checkoutCommit: ''
   checkoutPath: 's/xamarin-android'
@@ -28,9 +26,10 @@ stages:
   - job: ${{ parameters.jobName }}
     displayName: ${{ parameters.jobDisplayName }}
     pool:
-      name: ${{ parameters.buildPoolName }}
-      vmImage: ${{ parameters.buildPoolImage }}
-      ${{ if or(and(ne(variables['Build.DefinitionName'],'Xamarin.Android'), ne(variables['Build.DefinitionName'], 'Xamarin.Android-Private'), ne(variables['Build.DefinitionName'], 'xamarin.megapipeline')), eq(variables['Build.Reason'], 'PullRequest')) }}:
+      name: $(MacBuildPoolName)
+      vmImage: $(MacBuildPoolImage)
+      os: macOS
+      ${{ if ne(variables['MicroBuildSignType'], 'Real') }}:
         demands: macOS.Name -equals Monterey
     timeoutInMinutes: 240
     cancelTimeoutInMinutes: 5
@@ -44,37 +43,14 @@ stages:
         path: ${{ parameters.checkoutPath }}
         persistCredentials: ${{ parameters.checkoutPersistCredentials }}
 
-    - template: commercial-build.yaml
+    - template: commercial-build.yaml@self
       parameters:
         installerArtifactName: ${{ parameters.installerArtifactName }}
         nugetArtifactName: ${{ parameters.nugetArtifactName }}
         testAssembliesArtifactName: ${{ parameters.testAssembliesArtifactName }}
         windowsToolchainPdbArtifactName: ${{ parameters.windowsToolchainPdbArtifactName }}
 
-    - powershell: |
-        [IO.Directory]::CreateDirectory("$(Build.StagingDirectory)/empty")
-        [IO.Directory]::CreateDirectory("$(Build.StagingDirectory)/sbom-components")
-      displayName: create SBOM directories
-      condition: and(succeeded(), eq(variables['MicroBuildSignType'], 'Real'))
-
-    - task: AzureArtifacts.manifest-generator-task.manifest-generator-task.ManifestGeneratorTask@0
-      displayName: generate components SBOM
-      condition: and(succeeded(), eq(variables['MicroBuildSignType'], 'Real'))
-      inputs:
-        BuildDropPath: $(Build.StagingDirectory)/empty
-        BuildComponentPath: $(System.DefaultWorkingDirectory)/xamarin-android
-        ManifestDirPath: $(Build.StagingDirectory)/sbom-components
-        PackageName: .NET Android
-        Verbosity: Verbose
-
-    - task: PublishBuildArtifacts@1
-      displayName: publish components SBOM
-      condition: and(succeeded(), eq(variables['MicroBuildSignType'], 'Real'))
-      inputs:
-        artifactName: sbom-components-macos
-        pathToPublish: $(Build.StagingDirectory)/sbom-components
-
-    - template: upload-results.yaml
+    - template: upload-results.yaml@self
       parameters:
         xaSourcePath: $(System.DefaultWorkingDirectory)/xamarin-android
         artifactName: ${{ parameters.buildResultArtifactName }}

@@ -1,5 +1,4 @@
 parameters:
-  buildPool: $(1ESWindowsPool)
   buildResultArtifactName: Build Results - Windows
   checkoutCommit: ''
   checkoutPath: ''
@@ -23,7 +22,10 @@ stages:
   # Check - "Xamarin.Android (Windows > Build & Smoke Test)"
   - job: ${{ parameters.jobName }}
     displayName: ${{ parameters.jobDisplayName }}
-    pool: ${{ parameters.buildPool }}
+    pool:
+      name: AzurePipelines-EO
+      image: $(WindowsPoolImage1ESPT)
+      os: windows
     timeoutInMinutes: 360
     steps:
     - template: sdk-unified/steps/checkout/v1.yml@yaml-templates
@@ -33,15 +35,15 @@ stages:
         path: ${{ parameters.checkoutPath }}
         persistCredentials: ${{ parameters.checkoutPersistCredentials }}
 
-    - template: kill-processes.yaml
+    - template: kill-processes.yaml@self
 
-    - template: clean.yaml
+    - template: clean.yaml@self
 
     - script: |
         echo ##vso[task.setvariable variable=JI_JAVA_HOME]%JAVA_HOME_17_X64%
       displayName: set JI_JAVA_HOME to $(JAVA_HOME_17_X64)
 
-    - template: use-dot-net.yaml
+    - template: use-dot-net.yaml@self
       parameters:
         remove_dotnet: true
 
@@ -52,7 +54,7 @@ stages:
         arguments: '-c $(XA.Build.Configuration) -t:Prepare --no-restore -p:AutoProvision=true -bl:$(System.DefaultWorkingDirectory)\bin\Build$(XA.Build.Configuration)\dotnet-build-prepare.binlog'
 
     # Build, pack .nupkgs, and extract workload packs to dotnet preview test directory
-    - template: run-dotnet-preview.yaml
+    - template: run-dotnet-preview.yaml@self
       parameters:
         project: Xamarin.Android.sln
         arguments: >-
@@ -61,12 +63,12 @@ stages:
         displayName: Build Solution
         continueOnError: false
 
-    - template: install-global-tool.yaml
+    - template: install-global-tool.yaml@self
       parameters:
         toolName: apkdiff
         version: $(ApkDiffToolVersion)
 
-    - template: run-nunit-tests.yaml
+    - template: run-nunit-tests.yaml@self
       parameters:
         testRunTitle: Smoke MSBuild Tests - Windows Dotnet Build
         testAssembly: $(System.DefaultWorkingDirectory)\bin\Test$(XA.Build.Configuration)\$(DotNetStableTargetFramework)\Xamarin.Android.Build.Tests.dll
@@ -79,9 +81,9 @@ stages:
         filename: dotnet-local.cmd
         arguments: build samples\HelloWorld\HelloWorld\HelloWorld.DotNet.csproj
 
-    - template: upload-results.yaml
+    - template: upload-results.yaml@self
       parameters:
         artifactName: ${{ parameters.buildResultArtifactName }}
         includeBuildResults: true
 
-    - template: fail-on-issue.yaml
+    - template: fail-on-issue.yaml@self
@@ -10,7 +10,7 @@ steps:
 - script: echo "##vso[task.setvariable variable=JI_JAVA_HOME]$HOME/android-toolchain/jdk-17"
   displayName: set JI_JAVA_HOME
 
-- template: use-dot-net.yaml
+- template: use-dot-net.yaml@self
   parameters:
     remove_dotnet: true
 
@@ -72,7 +72,7 @@ steps:
   displayName: CodeQL 3000 Finalize
   condition: and(succeededOrFailed(), eq(variables['Codeql.Enabled'], 'true'), eq(variables['Build.SourceBranch'], 'refs/heads/main'))
 
-- template: install-microbuild-tooling.yaml
+- template: install-microbuild-tooling.yaml@self
   parameters:
     condition: and(succeeded(), eq(variables['MicroBuildSignType'], 'Real'))
 
@@ -121,21 +121,21 @@ steps:
       /p:MicroBuildOverridePluginDirectory=$(Build.StagingDirectory)/MicroBuild/Plugins
       /bl:${{ parameters.xaSourcePath }}/bin/Build$(XA.Build.Configuration)/sign-bu-ex.binlog
 
-- template: remove-microbuild-tooling.yaml
+- template: remove-microbuild-tooling.yaml@self
   parameters:
     condition: and(succeededOrFailed(), eq(variables['MicroBuildSignType'], 'Real'))
 
 - script: make create-installers CONFIGURATION=$(XA.Build.Configuration) MSBUILD_ARGS='${{ parameters.makeMSBuildArgs }}'
   workingDirectory: ${{ parameters.xaSourcePath }}
   displayName: make create-installers
 
-- task: PublishPipelineArtifact@1
+- task: 1ES.PublishPipelineArtifact@1
   displayName: upload nupkgs
   inputs:
     artifactName: ${{ parameters.nugetArtifactName }}
     targetPath: ${{ parameters.xaSourcePath }}/bin/Build$(XA.Build.Configuration)/nuget-unsigned
 
-- task: PublishPipelineArtifact@1
+- task: 1ES.PublishPipelineArtifact@1
   displayName: upload test assemblies
   inputs:
     artifactName: ${{ parameters.testAssembliesArtifactName }}
@@ -148,13 +148,13 @@ steps:
   workingDirectory: ${{ parameters.xaSourcePath }}
   displayName: zip Windows toolchain pdb files
 
-- task: PublishPipelineArtifact@1
+- task: 1ES.PublishPipelineArtifact@1
   displayName: upload Windows toolchain pdb files
   inputs:
     artifactName: ${{ parameters.windowsToolchainPdbArtifactName }}
     targetPath: ${{ parameters.xaSourcePath }}/bin/Build$(XA.Build.Configuration)/windows-toolchain-pdb
 
-- task: PublishPipelineArtifact@1
+- task: 1ES.PublishPipelineArtifact@1
   displayName: upload build tools inventory
   inputs:
     artifactName: AndroidBuildToolsInventory