Add analysis pipeline definitions #270

Merged
merged 4 commits into from
May 8, 2024
Merged
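--- a/.ado/governance.yml
+++ b/.ado/governance.yml
@@ -0,0 +1,53 @@
+name: pyqir-governance
+
+trigger:
+- main
+
+pr:
+- main
+
+schedules:
+- cron: "0 9 * * Sat"
+displayName: 'Build for CodeQL'
+branches:
+include:
+- main
+always: true
+
+variables:
+CARGO_TERM_COLOR: always
+RUST_TOOLCHAIN_VERSION: "1.77"
+
+jobs:
+- job: "pyqir_governance"
+pool:
+vmImage: 'ubuntu-latest'
+timeoutInMinutes: 240
+steps:
+- task: ms.vss-governance-buildtask.governance-build-task-component-detection.ComponentGovernanceComponentDetection@0
+displayName: 'Component detection'
+
+- task: RustInstaller@1
+inputs:
+rustVersion: ms-$(RUST_TOOLCHAIN_VERSION)
+cratesIoFeedOverride: $(cratesIoFeedOverride)
+toolchainFeed: $(toolchainFeed)
+displayName: Install Rust toolchain
+
+- task: UsePythonVersion@0
+inputs:
+versionSpec: '3.11'
+
+- script: |
+sudo apt-get install -y ninja-build
+displayName: Build VSCode Extension
+
+- task: CodeQL3000Init@0
+displayName: CodeQL Initialize
+
+- script: |
+./build.ps1 -t default
+displayName: Build
+
+- task: CodeQL3000Finalize@0
+displayName: CodeQL Finalize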
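Review bot: The step that runs `sudo apt-get install -y ninja-build` is labelled `Build VSCode Extension`, which does not describe it and will mislead anyone reading the run log of this CodeQL build; `displayName: Install ninja-build` would match what it does. The install also runs without a preceding index refresh, so it depends on the package lists baked into the `ubuntu-latest` image; `sudo apt-get update && sudo apt-get install -y ninja-build` removes that dependency. A one-line comment above `CodeQL3000Init@0` noting that the `Build` step has to stay between Initialize and Finalize would help later edits keep the scan meaningful.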
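--- a/.ado/release.yml
+++ b/.ado/release.yml
@@ -0,0 +1,150 @@
+name: pyqir-publish-$(BuildId)
+
+trigger: none
+pr: none
+
+variables:
+CARGO_TERM_COLOR: always
+RUST_TOOLCHAIN_VERSION: "1.77"
+
+jobs:
+- job: "Build"
+strategy:
+matrix:
+linux_x64:
+imageName: 'ubuntu-20.04'
+arch: x86_64
+mac_x64:
+imageName: 'macOS-latest'
+arch: x86_64
+mac_aarch64:
+imageName: 'macOS-14'
+arch: aarch64
+windows:
+imageName: 'windows-latest'
+arch: x86_64
+pool:
+vmImage: $(imageName)
+variables:
+arch: $(arch)
+timeoutInMinutes: 90
+
+steps:
+# common init steps
+- task: RustInstaller@1
+inputs:
+rustVersion: ms-$(RUST_TOOLCHAIN_VERSION)
+cratesIoFeedOverride: $(cratesIoFeedOverride)
+toolchainFeed: $(toolchainFeed)
+displayName: Install Rust toolchain
+
+- script: |
+rustc --version
+rustc --print target-list
+displayName: View rust target info
+
+- task: UsePythonVersion@0
+inputs:
+versionSpec: '3.11'
+
+# build
+
+- script: |
+./build.ps1 -t default
+displayName: Build
+
+# publish the python artifacts
+
+- script: |
+dir target\wheels\*
+displayName: List Py Packages on Win
+condition: eq(variables['Agent.OS'], 'Windows_NT')
+
+- script: |
+ls target/wheels/*
+displayName: List Py Packages on non-Win
+condition: ne(variables['Agent.OS'], 'Windows_NT')
+
+- publish: $(System.DefaultWorkingDirectory)/target/wheels
+artifact: Wheels.Mac.${{ variables['arch'] }}
+displayName: Upload Python Artifacts Mac
+condition: eq(variables['Agent.OS'], 'Darwin')
+
+- publish: $(System.DefaultWorkingDirectory)/target/wheels
+artifact: Wheels.Win.${{ variables['arch'] }}
+displayName: Upload Python Artifacts Win
+condition: eq(variables['Agent.OS'], 'Windows_NT')
+
+- publish: $(System.DefaultWorkingDirectory)/target/wheels
+artifact: Wheels.Linux.${{ variables['arch'] }}
+displayName: Upload Python Artifacts Linux
+condition: eq(variables['Agent.OS'], 'Linux')
+
+- job: "Merge"
+pool:
+vmImage: 'ubuntu-latest'
+
+steps:
+- download: current
+artifact: Wheels.Win.x86_64
+displayName: Download x86_64 Python Artifacts Win
+
+- download: current
+artifact: Wheels.Mac.x86_64
+displayName: Download Python Artifacts Mac
+
+- download: current
+artifact: Wheels.Mac.aarch64
+displayName: Download Python Artifacts Mac
+
+- download: current
+artifact: Wheels.Linux.x86_64
+displayName: Download x86_64 Python Artifacts Linux
+
+- script: |
+mkdir -p target/wheels
+mv ../Wheels.Linux.x86_64/*.whl target/wheels
+mv ../Wheels.Win.x86_64/*.whl target/wheels
+mv ../Wheels.Mac.x86_64/*.whl target/wheels
+mv ../Wheels.Mac.aarch64/*.whl target/wheels
+ls target/wheels/*
+displayName: Move Py Artifacts to Publishing Dir
+
+- publish: $(System.DefaultWorkingDirectory)/target/wheels
+artifact: wheels
+displayName: Upload Python Artifacts
+
+
+- job: "Approval"
+dependsOn:
+- Build
+- Merge
+
+pool: server
+timeoutInMinutes: 1440 # job times out in 1 day
+steps:
+- task: ManualValidation@0
+timeoutInMinutes: 1440 # task times out in 1 day
+inputs:
+notifyUsers: ''
+instructions: 'Please verify artifacts and approve the release'
+onTimeout: 'reject'
+
+
+- job: "Publish_Python_Packages"
+dependsOn: Approval
+pool:
+vmImage: 'ubuntu-latest'
+
+steps:
+- download: current
+artifact: wheels
+displayName: Download Python Artifacts
+
+- script: |
+mkdir -p target/wheels
+mv ../wheels/*.whl target/wheels
+ls target/wheels/*
+displayName: Move Py Artifacts to Publishing Dir
+
+# Add ESRP steps here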
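Review bot: The `Merge` job declares no `dependsOn`, so as far as this file shows it can start in parallel with the `Build` matrix, and its `download: current` steps for `Wheels.Win.x86_64`, `Wheels.Mac.x86_64`, `Wheels.Mac.aarch64` and `Wheels.Linux.x86_64` may run before those artifacts exist. Adding `dependsOn: Build` under `- job: "Merge"` makes the ordering explicit, the same way `Approval` and `Publish_Python_Packages` already state theirs. Since `Approval` asks a person to verify the artifacts, it would also help to print `sha256sum target/wheels/*.whl` in both the Merge and Publish scripts so the approver can confirm that the files being published are the ones that were reviewed.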
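--- a/.github/workflows/devskim.yml
+++ b/.github/workflows/devskim.yml
@@ -0,0 +1,33 @@
+name: DevSkim
+
+on:
+pull_request:
+branches: [ main ]
+merge_group:
+workflow_dispatch:
+schedule:
+# set schedule to run at 2AM PT on Saturdays
+- cron: '0 9 * * Sat'
+
+jobs:
+lint:
+name: DevSkim
+runs-on: ubuntu-latest
+permissions:
+# required for all workflows
+security-events: write
+
+# only required for workflows in private repositories
+actions: read
+contents: read
+steps:
+- name: Checkout code
+uses: actions/checkout@v3
+
+- name: Run DevSkim scanner
+uses: microsoft/DevSkim-Action@v1
+
+- name: Upload DevSkim scan results to GitHub Security tab
+uses: github/codeql-action/upload-sarif@v2
+with:
+sarif_file: devskim-results.sarif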
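Review bot: All three actions are referenced by mutable tags (`actions/checkout@v3`, `microsoft/DevSkim-Action@v1`, `github/codeql-action/upload-sarif@v2`), so the code that runs in a job holding `security-events: write` can change without any change to this file. Pinning each to a full commit SHA with the tag kept as a trailing comment, e.g. `uses: actions/checkout@<full-commit-sha>  # v3`, fixes what is executed and still lets an update bot propose bumps. Separately, on `pull_request` runs from forks the token is read-only, so the upload step will likely fail there; a condition on that step or a comment saying so would avoid unexplained red checks.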