Source: main (252c1cf) Excluded: live tenant exports, generated artifacts, and dev-only tooling.
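trigger: none
pr: none

# Publisher pipeline: pushes a sanitized snapshot of the dev repo to the
# public template repo.
#
# Runs only when queued manually: CI and PR triggers are both disabled above.
#
# Usage:
#   Queue this pipeline manually and optionally provide a tag name
#   (e.g. v1.1.0).
#
# Prerequisites (all are read by the job below):
#   - PUBLIC_REPO_URL       (pipeline variable)
#   - PUBLIC_REPO_PAT       (secret pipeline variable)
#   - PUBLIC_REPO_USERNAME  (mapped to GIT_USERNAME for the publish step)
#   - AGENT_POOL_NAME       (selects the agent pool)
#   NOTE(review): the last two may be supplied by
#   ../templates/variables-common.yml -- confirm, or define them on the
#   pipeline.

parameters:
  # Free-text value entered at queue time, so it must be treated as
  # untrusted input wherever it is consumed.
  - name: tagName
    displayName: Optional release tag (e.g. v1.1.0)
    type: string
    default: ""

variables:
  - template: ../templates/variables-common.yml
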
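jobs:
  - job: publish_public_template
    displayName: Publish sanitized snapshot to public repo
    pool:
      name: $(AGENT_POOL_NAME)
    steps:
      # NOTE(review): persistCredentials keeps the job's access token in the
      # checked-out repo's git config for later steps. Nothing in the inline
      # script below needs it; confirm whether deploy/sync-to-public.sh does,
      # otherwise drop it.
      - checkout: self
        persistCredentials: true

      - task: Bash@3
        displayName: Run sync-to-public
        inputs:
          targetType: inline
          script: |
            set -euo pipefail

            # The tag name arrives through the step's env block (TAG_NAME), not
            # through a template expression inside this script. A template
            # expression is pasted into the script text before bash parses it,
            # so shell quoting here cannot contain a queue-time value.
            TAG="${TAG_NAME:-}"
            if [ -n "${TAG}" ]; then
              case "${TAG}" in
                -*)
                  echo "Invalid tag name: must not start with '-'." >&2
                  exit 1
                  ;;
              esac
              if ! git check-ref-format "refs/tags/${TAG}"; then
                echo "Invalid tag name: not a valid git ref name." >&2
                exit 1
              fi
            fi

            chmod +x "$(Build.SourcesDirectory)/deploy/sync-to-public.sh"

            TMP_DIR="$(mktemp -d)"
            trap 'rm -rf "$TMP_DIR"' EXIT

            # Run the sync script; it clones the public repo into a temp subdir
            "$(Build.SourcesDirectory)/deploy/sync-to-public.sh" \
              "$(PUBLIC_REPO_URL)" \
              "${TAG}"

            # The clone made by sync-to-public.sh is not reused below; a fresh
            # directory under TMP_DIR is used so the path is known and is
            # removed by the EXIT trap.
            PUBLIC_CLONE="$TMP_DIR/public"
            mkdir -p "$PUBLIC_CLONE"

            # Re-run the sync into our controlled temp dir to guarantee the path.
            # This exclude list is the only sanitization visible in this step:
            # any path not listed here is published. Add new sensitive paths
            # here before they are committed to the dev repo.
            cd "$(Build.SourcesDirectory)"
            rsync -a \
              --exclude='.git' \
              --exclude='tenant-state' \
              --exclude='prod-as-built.md' \
              --exclude='node_modules' \
              --exclude='__pycache__' \
              --exclude='.DS_Store' \
              --exclude='deploy/sync-to-public.sh' \
              --exclude='deploy/publish-public.yml' \
              "$(Build.SourcesDirectory)/" "$PUBLIC_CLONE/"

            cd "$PUBLIC_CLONE"

            # Re-create empty tenant-state structure
            mkdir -p tenant-state/intune tenant-state/entra tenant-state/reports/intune tenant-state/reports/entra
            touch tenant-state/intune/.gitkeep tenant-state/entra/.gitkeep tenant-state/reports/intune/.gitkeep tenant-state/reports/entra/.gitkeep
            cat > tenant-state/README.md <<'EOF'
            # tenant-state

            This directory is populated automatically by the ASTRAL pipeline.
            Do not place manual files here; they will be overwritten on the next export.
            EOF

            git init
            git remote add origin "$(PUBLIC_REPO_URL)" 2>/dev/null || git remote set-url origin "$(PUBLIC_REPO_URL)"

            git config user.email "astral-publish@local"
            git config user.name "ASTRAL Publisher"

            # Fetch existing public main so we can diff against it
            # NOTE(review): the repository was just created by `git init`, so
            # HEAD has no commit and the staged tree below is compared with an
            # empty tree; the fetched origin/main is never used. The
            # "No changes to publish." branch looks unreachable as written --
            # confirm whether a comparison with origin/main was intended.
            git fetch origin main || true

            # Stage everything
            git add -A

            if git diff --cached --quiet; then
              echo "No changes to publish."
              exit 0
            fi

            # $(Build.SourcesDirectory) is expanded by the agent before bash
            # runs, so the single quotes do not block the substitution.
            DEV_SHA="$(git -C '$(Build.SourcesDirectory)' rev-parse --short HEAD)"
            DEV_BRANCH="$(git -C '$(Build.SourcesDirectory)' rev-parse --abbrev-ref HEAD)"

            git commit -m "Sync from dev @ ${DEV_SHA}

            Source: ${DEV_BRANCH} (${DEV_SHA})
            Excluded: live tenant exports, generated artifacts, and dev-only tooling."

            if [ -n "${TAG}" ]; then
              git tag -a "${TAG}" -m "Release ${TAG}"
            fi

            # Push commit (and tag if provided)
            # --force replaces public main with the root commit created above,
            # so earlier public history is discarded on every run.
            git push origin HEAD:main --force
            if [ -n "${TAG}" ]; then
              # Full ref path: cannot be confused with a branch of the same name.
              git push origin "refs/tags/${TAG}"
            fi

            echo "Publication complete."
            if [ -n "${TAG}" ]; then
              echo "Tag: ${TAG}"
            fi
        env:
          # NOTE(review): with GIT_ASKPASS set to `echo`, git runs
          # `echo <prompt>` and takes the printed prompt text as the answer.
          # git does not read GIT_USERNAME or GIT_PASSWORD itself, so the PAT
          # reaches git only if deploy/sync-to-public.sh consumes these
          # variables -- confirm how the fetch and push above authenticate.
          GIT_ASKPASS: echo
          GIT_USERNAME: $(PUBLIC_REPO_USERNAME)
          GIT_PASSWORD: $(PUBLIC_REPO_PAT)
          # Queue-time parameter handed to the script as data, never as
          # script text.
          TAG_NAME: ${{ parameters.tagName }}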