mirror of
https://github.com/digital-asset/daml.git
synced 2024-09-20 01:07:18 +03:00
parent
6ab2858706
commit
634b38a92a
@ -210,12 +210,6 @@ jobs:
|
||||
persistCredentials: true
|
||||
- bash: ci/dev-env-install.sh
|
||||
displayName: 'Build/Install the Developer Environment'
|
||||
- bash: ci/configure-bazel.sh
|
||||
displayName: 'Configure Bazel'
|
||||
env:
|
||||
IS_FORK: $(System.PullRequest.IsFork)
|
||||
# to upload to the bazel cache
|
||||
GOOGLE_APPLICATION_CREDENTIALS_CONTENT: $(GOOGLE_APPLICATION_CREDENTIALS_CONTENT)
|
||||
- bash: |
|
||||
set -euo pipefail
|
||||
eval "$(dev-env/bin/dade assist)"
|
||||
@ -227,9 +221,11 @@ jobs:
|
||||
displayName: 'Build'
|
||||
- bash: |
|
||||
set -euo pipefail
|
||||
eval "$(./dev-env/bin/dade-assist)"
|
||||
eval "$(dev-env/bin/dade-assist)"
|
||||
|
||||
#needs to be specified since blackduck can not scan all bazel dependency types in one go, haskell has to be scanned separatey and code location name uniquely identified to avoid stomping
|
||||
#needs to be specified since blackduck can not scan all bazel
|
||||
#dependency types in one go, haskell has to be scanned separatey and
|
||||
#code location name uniquely identified to avoid stomping
|
||||
BAZEL_DEPENDENCY_TYPE="haskell_cabal_library"
|
||||
|
||||
bash <(curl -s https://raw.githubusercontent.com/DACH-NY/security-blackduck/master/synopsys-detect) \
|
||||
@ -247,9 +243,10 @@ jobs:
|
||||
BLACKDUCK_HUBDETECT_TOKEN: $(BLACKDUCK_HUBDETECT_TOKEN)
|
||||
- bash: |
|
||||
set -euo pipefail
|
||||
eval "$(./dev-env/bin/dade-assist)"
|
||||
eval "$(dev-env/bin/dade-assist)"
|
||||
|
||||
#avoid stomping any previous bazel haskell scans for this repository by qualifying as a maven_install (aka jvm) bazel blackduck scan
|
||||
#avoid stomping any previous bazel haskell scans for this repository
|
||||
#by qualifying as a maven_install (aka jvm) bazel blackduck scan
|
||||
BAZEL_DEPENDENCY_TYPE="maven_install"
|
||||
|
||||
bash <(curl -s https://raw.githubusercontent.com/DACH-NY/security-blackduck/master/synopsys-detect) \
|
||||
@ -281,14 +278,37 @@ jobs:
|
||||
eval "$(./dev-env/bin/dade-assist)"
|
||||
source $(bash_lib)
|
||||
|
||||
branch="notices-update-$(Build.BuildId)"
|
||||
|
||||
tr -d '\015' <*_Black_Duck_Notices_Report.txt | grep -v digital-asset_daml >NOTICES
|
||||
if git diff --exit-code -- NOTICES; then
|
||||
echo "NOTICES file already up-to-date."
|
||||
setvar need_to_build false
|
||||
else
|
||||
git add NOTICES
|
||||
open_pr "notices-update-$(Build.BuildId)" "update NOTICES file"
|
||||
open_pr "$branch" "update NOTICES file"
|
||||
setvar need_to_build true
|
||||
fi
|
||||
displayName: open PR
|
||||
condition: and(succeeded(),
|
||||
eq(variables['Build.SourceBranchName'], 'main'))
|
||||
name: out
|
||||
- template: ../daily_tell_slack.yml
|
||||
|
||||
- job: run_notices_pr_build
|
||||
timeoutInMinutes: 60
|
||||
dependsOn: ["blackduck_scan"]
|
||||
pool:
|
||||
vmImage: ubuntu-20.04
|
||||
variables:
|
||||
need_to_build: $[ dependencies.blackduck_scan.outputs['out.need_to_build'] ]
|
||||
steps:
|
||||
- bash: |
|
||||
if [ "$(need_to_build)" == "true" ]; then
|
||||
branch="notices-update-$(Build.BuildId)"
|
||||
az extension add --name azure-devops
|
||||
trap "az devops logout" EXIT
|
||||
echo "$(System.AccessToken)" | az devops login --org "https://dev.azure.com/digitalasset"
|
||||
az pipelines build queue --branch "$branch" \
|
||||
--definition-name "PRs" \
|
||||
--org "https://dev.azure.com/digitalasset" \
|
||||
--project daml
|
||||
fi
|
||||
|
Loading…
Reference in New Issue
Block a user