-
Notifications
You must be signed in to change notification settings - Fork 0
/
azure-pipelines.yml
189 lines (154 loc) · 5.32 KB
/
azure-pipelines.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
# See: https://aka.ms/yaml
# Run on main, and on tags.
trigger:
branches:
include:
- main
- refs/tags/*
stages:
- stage: Quality_Control
displayName: Quality Control
jobs:
# Run the linters once on the latest version of linux, and each
# supported version of Python. If this fails, stop the pipeline
# before running heavy platform-specific unit tests and builds.
- job: lint
displayName: Lint
pool:
vmImage: "ubuntu-latest"
strategy:
matrix:
py39:
PYTHON_VERSION: '3.9'
py310:
PYTHON_VERSION: '3.10'
py311:
PYTHON_VERSION: '3.11'
py312:
PYTHON_VERSION: '3.12'
steps:
- task: UsePythonVersion@0
displayName: "Use Python version"
inputs:
versionSpec: '$(PYTHON_VERSION)'
architecture: "x64"
- script: python -m pip install -r requirements-pipeline.txt
displayName: "CR-QC: Install local package"
- script: cr --help
displayName: "CR-QC: Run CLI"
- script: ruff check .
displayName: "CR-QC: ruff check"
- script: ruff format --check .
displayName: "CR-QC: ruff format"
- script: mypy .
displayName: "CR-QC: mypy"
- script: pytest
displayName: "CR-QC: Test"
# Run tests and build bundles for each platform.
- stage: Build_Dist
displayName: Build Distributables
dependsOn: Quality_Control
condition: succeeded('Quality_Control')
variables:
# Tags starting with "v" are considered a release and should sign
# and publish the binaries.
- name: CR_RELEASE
value: $[startsWith(variables['Build.SourceBranch'], 'refs/tags/v')]
# Main Python version for building distributables.
- name: CR_PY_VERSION
value: '3.12'
# Link the group of Apple passwords from pipeline library.
- group: 'Apple IDs'
jobs:
- job: windows10
displayName: Windows 10
pool:
vmImage: "windows-2019"
steps:
- task: UsePythonVersion@0
displayName: "Use Python version"
inputs:
versionSpec: '$(CR_PY_VERSION)'
architecture: "x64"
- script: python -m pip install -r requirements-pipeline.txt
displayName: "CR-QC: Install"
- script: pytest
displayName: "CR-QC: Test"
- script: pyinstaller --clean --dist .\dist\ .\cr.spec
displayName: "CR-BLD: Build"
- task: DownloadSecureFile@1
displayName: "CR-BLD: Download Certificate"
name: certificate
condition: eq(variables['CR_RELEASE'], 'True')
inputs:
secureFile: "codered_codesign.pfx"
- pwsh: |
# Find newest signtool.
$signtool = (Get-ChildItem -Recurse -Path "C:\Program Files (x86)\Windows Kits\10\bin\*\x64" -Include "signtool.exe")[-1].FullName
Write-Output $signtool
Write-Output $(certificate.secureFilePath)
# Run signtool from path.
& $signtool sign /f $(certificate.secureFilePath) /fd certHash /td certHash /tr "http://timestamp.sectigo.com" .\dist\cr.exe
condition: and(succeeded(), eq(variables['CR_RELEASE'], 'True'))
displayName: "CR-BLD: Sign"
- publish: $(System.DefaultWorkingDirectory)\dist\cr.exe
artifact: cr.exe
- job: macos11
displayName: macOS 12
pool:
vmImage: "macOS-12"
steps:
- task: UsePythonVersion@0
displayName: "Use Python version"
inputs:
versionSpec: '$(CR_PY_VERSION)'
architecture: "x64"
- script: python -m pip install -r requirements-pipeline.txt
displayName: "CR-QC: Install"
- script: pytest
displayName: "CR-QC: Test"
- task: InstallAppleCertificate@2
displayName: "CR-BLD: Download certificate"
condition: eq(variables['CR_RELEASE'], 'True')
inputs:
certSecureFile: "macos_developerID_application.p12"
certPwd: $(CR_APPLE_CERT_PASS)
- script: pyinstaller --clean --dist ./dist/ ./cr.spec
displayName: "CR-BLD: Build"
- script: |
mv ./dist/cr ./dist/cr-macos
ditto -c -k ./dist/cr-macos ./dist/cr-macos.zip
displayName: "CR-BLD: Rename & zip"
- script: xcrun notarytool submit --apple-id $CR_APPLE_ID --password $CR_APPLE_PASS --team-id $CR_APPLE_TEAM --wait ./dist/cr-macos.zip
displayName: "CR-BLD: Notarize"
condition: and(succeeded(), eq(variables['CR_RELEASE'], 'True'))
env:
CR_APPLE_ID: $(CR_APPLE_ID)
CR_APPLE_PASS: $(CR_APPLE_PASS)
CR_APPLE_TEAM: $(CR_APPLE_TEAM)
- publish: $(System.DefaultWorkingDirectory)/dist/cr-macos
artifact: cr-macos
- job: ubuntu2004
displayName: Ubuntu 20.04
pool:
vmImage: "ubuntu-20.04"
steps:
- task: UsePythonVersion@0
displayName: "Use Python version"
inputs:
versionSpec: '$(CR_PY_VERSION)'
architecture: "x64"
- script: python -m pip install -r requirements-pipeline.txt
displayName: "CR-QC: Install"
- script: pytest
displayName: "CR-QC: Test"
- script: pyinstaller --clean --dist ./dist/ ./cr.spec
displayName: "CR-BLD: Build"
- script: mv ./dist/cr ./dist/cr-linux
displayName: "CR-BLD: Rename"
- publish: $(System.DefaultWorkingDirectory)/dist/cr-linux
artifact: cr-linux
- script: python -m build --outdir ./dist/pypi/
displayName: "CR-BLD: PyPI"
- publish: $(System.DefaultWorkingDirectory)/dist/pypi/
artifact: pypi