From b08d45f422776a3fe263852c8dc255287caeebbd Mon Sep 17 00:00:00 2001 From: Ian Davis Date: Thu, 27 Jun 2024 13:46:31 -0700 Subject: [PATCH] Add initial 1ES build config --- .ado/release.yml | 180 +++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 180 insertions(+) create mode 100644 .ado/release.yml diff --git a/.ado/release.yml b/.ado/release.yml new file mode 100644 index 0000000..ec6a8f5 --- /dev/null +++ b/.ado/release.yml @@ -0,0 +1,180 @@ +name: qiskit-qir-publish-$(BuildId) + +# This pipeline is used to build and publish the PyQIR package +# It uses a Microsoft ADO template for additional security checks. + +# Run on merges to main to ensure that the latest code +# is always able to be published. +trigger: + branches: + include: + - main + +# Run the pipeline every day at 7:00 AM UTC to ensure +# codeql and other governance checks are up-to-date. +schedules: +- cron: "0 7 * * *" + displayName: 'Build for Component Governance' + branches: + include: + - main + always: true + +resources: + repositories: + - repository: 1ESPipelineTemplates + type: git + name: 1ESPipelineTemplates/1ESPipelineTemplates + ref: refs/tags/release + +parameters: +- name: hosts + type: object + default: + - name: linux_x86_64 + poolName: 'Azure-Pipelines-DevTools-EO' + imageName: 'ubuntu-latest' + os: linux +- name: python + type: object + default: + - name: Python38 + version: '3.8' + - name: Python39 + version: '3.9' + - name: Python310 + version: '3.10' + - name: Python311 + version: '3.11' + +extends: + template: v1/1ES.Official.PipelineTemplate.yml@1ESPipelineTemplates + parameters: + sdl: + sourceAnalysisPool: + name: 'Azure-Pipelines-DevTools-EO' + image: windows-2022 + os: windows + stages: + - stage: build + displayName: Build + jobs: + - job: "Build_Python_Package" + pool: + name: 'Azure-Pipelines-DevTools-EO' + image: 'ubuntu-latest' + os: linux + timeoutInMinutes: 90 + templateContext: + outputs: + - output: pipelineArtifact + displayName: 'Upload Python Package Artifact' + targetPath: $(System.DefaultWorkingDirectory)/dist + artifactName: dist + condition: succeeded() + steps: + - task: UsePythonVersion@0 + inputs: + versionSpec: '3.11' + displayName: 'Use Python 3.11' + + - script: | + python -m pip install --upgrade pip + python -m pip install -r requirements_dev.txt + displayName: 'Install dependencies' + + - script: | + make dist + displayName: 'Build package' + + - stage: test + displayName: test + dependsOn: build + condition: and(succeeded(), not(cancelled()), not(failed())) + jobs: + - ${{ each host in parameters.hosts }}: + - ${{ each python in parameters.python }}: + - job: Tests_Python_${{ python.name }}_${{ host.name }}_job + pool: + name: ${{ host.poolName }} + image: ${{ host.imageName }} + os: ${{ host.os }} + templateContext: + inputs: # All input build artifacts must be declared here + - input: pipelineArtifact + artifactName: dist + targetPath: $(System.DefaultWorkingDirectory)/dist + steps: + - task: UsePythonVersion@0 + inputs: + versionSpec: '${{ python.version }}' + displayName: 'Use Python ${{ python.version }}' + - script: | + python -m pip install --upgrade pip + python -m pip install -r requirements_dev.txt + displayName: 'Install dependencies' + - script: | + python -m pip install dist/*.whl + displayName: 'Install package' + - script: | + pytest + displayName: 'Test package' + + - stage: approval + displayName: Approval + dependsOn: test + condition: and(succeeded(), not(cancelled()), not(failed()), eq(variables['Build.Reason'], 'Manual')) + jobs: + - job: "Approval" + pool: server + timeoutInMinutes: 1440 # job times out in 1 day + steps: + - task: ManualValidation@0 + timeoutInMinutes: 1440 # task times out in 1 day + inputs: + notifyUsers: '' + instructions: 'Please verify artifacts and approve the release' + onTimeout: 'reject' + + - stage: release + displayName: Release + dependsOn: approval + condition: and(succeeded(), not(cancelled()), not(failed()), eq(variables['Build.Reason'], 'Manual')) + jobs: + # We will get a warning about extra files in the sbom validation saying it failed. + # This is expected as we have the wheels being downloaded to the same directory. + # So each successive wheel will have the previous wheel in the directory and each + # will be flagged as an extra file. See: + # http://aka.ms/drop-validation-failure-additional-files + - job: "Publish_Python_Packages" + pool: + name: 'Azure-Pipelines-DevTools-EO' + image: 'ubuntu-latest' + os: linux + templateContext: + type: releaseJob + isProduction: true + inputs: # All input build artifacts must be declared here + - input: pipelineArtifact + artifactName: dist + targetPath: $(System.DefaultWorkingDirectory)/dist + steps: + - script: | + ls $(System.DefaultWorkingDirectory)/dist + displayName: Display Py Artifacts in Publishing Dir + + # - task: EsrpRelease@4 + # condition: succeeded() + # displayName: Publish Py Packages + # inputs: + # ConnectedServiceName: 'ESRP_Release' + # Intent: 'PackageDistribution' + # ContentType: 'PyPi' + # FolderLocation: '$(System.DefaultWorkingDirectory)/dist' + # Owners: '$(OwnerPersonalAlias)@microsoft.com' # NB: Group email here fails the task with non-actionable output. + # Approvers: 'billti@microsoft.com' + # # Auto-inserted Debugging defaults: + # ServiceEndpointUrl: 'https://api.esrp.microsoft.com' + # MainPublisher: 'QuantumDevelpmentKit' # ESRP Team's Correction (including the critical typo "Develpm"). + # DomainTenantId: '72f988bf-86f1-41af-91ab-2d7cd011db47' +