[ci] Move build pipeline to dnceng-public (#1299)

Updates the build pipeline to run in new build in the dnceng-public org:

https://dev.azure.com/dnceng-public/public/_build?definitionId=304

The OneLocBuild job has been moved to a separate pipeline file that will
run on a schedule in the DevDiv org.

Author: pjcollins

Localize/onelocbuild.yaml

@@ -0,0 +1,72 @@
+trigger: none
+pr: none
+
+schedules:
+- cron: "0 6 * * *"
+  displayName: Run daily at 6:00 UTC
+  branches:
+    include:
+    - main
+- cron: "0 6 * * Sunday"
+  displayName: Run weekly on Sunday at 6:00 UTC
+  branches:
+    include:
+    - main
+  always: true
+
+jobs:
+- job: OneLocBuild
+  displayName: OneLocBuild
+  condition: and(eq(variables['System.TeamProject'], 'DevDiv'), eq(variables['Build.SourceBranch'], 'refs/heads/main'))
+  pool:
+    name: AzurePipelines-EO
+    demands:
+    - ImageOverride -equals 1ESPT-Windows2022
+  timeoutInMinutes: 30
+  variables:
+  - group: Xamarin-Secrets
+  workspace:
+    clean: all
+  steps:
+  - checkout: self
+    clean: true
+
+  # https://eng.ms/docs/cloud-ai-platform/devdiv/one-engineering-system-1es/1es-docs/1es-security-configuration/configuration-guides/pat-burndown-guidance#authentication-from-pipelines
+  # Requires Azure client 2.x
+  - task: AzureCLI@2
+    displayName: 'Set AzDO.OneLocBuildToken'
+    enabled: true
+    inputs:
+      azureSubscription: 'VSEng-AzureDevOps-ceapex-OneLocBuild'   # Azure DevOps service connection
+      scriptType: 'pscore'
+      scriptLocation: 'inlineScript'
+      inlineScript: |
+        # if this fails, check out this bash script that includes diagnostics:
+        # https://gist.github.com/johnterickson/19f80a3e969e39f1000d118739176e62
+        # Note that the resource is specified to limit the token to Azure DevOps
+        $token = az account get-access-token --query accessToken --resource 499b84ac-1321-427f-aa17-267ca6975798 -o tsv
+        Write-Host "##vso[task.setvariable variable=AzDO.OneLocBuildToken;issecret=true]${token}"
+
+  - task: OneLocBuild@2
+    displayName: OneLocBuild
+    env:
+      SYSTEM_ACCESSTOKEN: $(System.AccessToken)
+    inputs:
+      locProj: Localize/LocProject.json
+      outDir: $(Build.StagingDirectory)
+      packageSourceAuth: patAuth
+      patVariable: $(AzDO.OneLocBuildToken)
+      isCreatePrSelected: true
+      repoType: gitHub
+      gitHubPatVariable: $(github--pat--vs-mobiletools-engineering-service2)
+      prSourceBranchPrefix: locpr
+      isShouldReusePrSelected: true
+      isAutoCompletePrSelected: false
+      isUseLfLineEndingsSelected: true
+
+  - task: PublishBuildArtifacts@1
+    displayName: Publish Localization Files
+    inputs:
+      PathtoPublish: $(Build.StagingDirectory)/loc
+      ArtifactName: Loc
+    condition: succeededOrFailed()

build-tools/automation/azure-pipelines.yaml

@@ -3,48 +3,35 @@
 trigger:
   - main
   - release/*
-  - d17-*
   - dependabot/*
-  - dev/*
 
 pr:
   branches:
     include:
     - main
     - release/*
-    - d17-*
   paths:
     exclude:
     - README.md
     - Documentation/*
 
-parameters:
-- name: ApiScanSourceBranch
-  default: 'refs/heads/main'
-
 # Global variables
 variables:
   RunningOnCI: true
   Build.Configuration: Release
   DotNetCoreVersion: 8.0.303
   DotNetTargetFramework: net8.0
   NetCoreTargetFrameworkPathSuffix: -$(DotNetTargetFramework)
-  1ESWindowsPool: AzurePipelines-EO
-  1ESWindowsImage: AzurePipelinesWindows2022compliant
-  1ESMacPool: Azure Pipelines
-  1ESMacImage: macOS-13
-  DisablePipelineConfigDetector: true
+  HostedPoolName: Azure Pipelines
+  HostedWinImage: windows-2022
+  HostedMacImage: macOS-14
 
 jobs:
 - job: windows_dotnet_build
   displayName: Windows - .NET
   pool:
-    name: $(1ESWindowsPool)
-    demands: 
-    - ImageOverride -equals $(1ESWindowsImage)
-  variables:
-    VSINSTALLDIR: C:\Program Files\Microsoft Visual Studio\2022\Enterprise\
-    Codeql.Enabled: true
+    name: $(HostedPoolName)
+    vmImage: $(HostedWinImage)
   timeoutInMinutes: 60
   workspace:
     clean: all
@@ -76,8 +63,8 @@ jobs:
 - job: mac_dotnet_build
   displayName: Mac - .NET
   pool:
-    name: $(1ESMacPool)
-    vmImage: $(1ESMacImage)
+    name: $(HostedPoolName)
+    vmImage: $(HostedMacImage)
   timeoutInMinutes: 20
   workspace:
     clean: all
@@ -98,126 +85,3 @@ jobs:
   - template: templates\fail-on-dirty-tree.yaml
 
   - template: templates\fail-on-issue.yaml
-
-
-- job: api_scan
-  displayName: API Scan
-  dependsOn: windows_dotnet_build
-  condition: and(eq(dependencies.windows_dotnet_build.result, 'Succeeded'), eq(variables['Build.SourceBranch'], '${{ parameters.ApiScanSourceBranch }}'))
-  pool:
-    name: MAUI-1ESPT
-    demands: ImageOverride -equals 1ESPT-Windows2022
-  timeoutInMinutes: 480
-  workspace:
-    clean: all
-  steps:
-  - task: DownloadPipelineArtifact@2
-    displayName: Download build artifacts
-    inputs:
-      artifactName: artifacts
-      downloadPath: $(Build.SourcesDirectory)
-
-    ### Copy .dll, .exe, .pdb files for APIScan
-  - task: CopyFiles@2
-    displayName: Collect Files for APIScan
-    inputs:
-      Contents: |
-        $(Build.SourcesDirectory)\$(Build.Configuration)$(NetCoreTargetFrameworkPathSuffix)\**\?(*.dll|*.exe|*.pdb)
-        !$(Build.SourcesDirectory)\**\jnimarshalmethod-gen.*
-        !$(Build.SourcesDirectory)\**\Mono.CSharp.dll
-        !$(Build.SourcesDirectory)\**\SgmlReader.exe
-        !$(Build.SourcesDirectory)\**\win-*\java-interop.dll
-      TargetFolder: $(Build.StagingDirectory)\apiscan
-      OverWrite: true
-      flattenFolders: true
-
-  - task: APIScan@2
-    displayName: Run APIScan
-    inputs:
-      softwareFolder: $(Build.StagingDirectory)\apiscan
-      symbolsFolder: 'SRV*http://symweb;$(Build.StagingDirectory)\apiscan'
-      softwareName: $(ApiScanName)
-      softwareVersionNum: $(Build.SourceBranchName)-$(Build.SourceVersion)$(System.JobAttempt)
-      isLargeApp: true
-      toolVersion: Latest
-    env:
-      AzureServicesAuthConnectionString: runAs=App;AppId=$(ApiScanMAUI1ESPTManagedId)
-
-  - task: SdtReport@2
-    displayName: Guardian Export - Security Report
-    inputs:
-      GdnExportAllTools: false
-      GdnExportGdnToolApiScan: true
-      GdnExportOutputSuppressionFile: source.gdnsuppress
-
-  - task: PublishSecurityAnalysisLogs@3
-    displayName: Publish Guardian Artifacts
-    inputs:
-      ArtifactName: APIScan Logs
-      ArtifactType: Container
-      AllTools: false
-      APIScan: true
-      ToolLogsNotFoundAction: Warning
-
-  - task: PostAnalysis@2
-    displayName: Fail Build on Guardian Issues
-    inputs:
-      GdnBreakAllTools: false
-      GdnBreakGdnToolApiScan: true
-
-
-- job: OneLocBuild
-  displayName: OneLocBuild
-  condition: and(eq(variables['System.TeamProject'], 'DevDiv'), eq(variables['Build.SourceBranch'], 'refs/heads/main'))
-  pool:
-    name: AzurePipelines-EO
-    demands:
-    - ImageOverride -equals 1ESPT-Windows2022
-  timeoutInMinutes: 30
-  variables:
-  - group: Xamarin-Secrets
-  workspace:
-    clean: all
-  steps:
-  - checkout: self
-    clean: true
-
-  # https://eng.ms/docs/cloud-ai-platform/devdiv/one-engineering-system-1es/1es-docs/1es-security-configuration/configuration-guides/pat-burndown-guidance#authentication-from-pipelines
-  # Requires Azure client 2.x
-  - task: AzureCLI@2
-    displayName: 'Set AzDO.OneLocBuildToken'
-    enabled: true
-    inputs:
-      azureSubscription: 'VSEng-AzureDevOps-ceapex-OneLocBuild'   # Azure DevOps service connection
-      scriptType: 'pscore'
-      scriptLocation: 'inlineScript'
-      inlineScript: |
-        # if this fails, check out this bash script that includes diagnostics:
-        # https://gist.github.com/johnterickson/19f80a3e969e39f1000d118739176e62
-        # Note that the resource is specified to limit the token to Azure DevOps
-        $token = az account get-access-token --query accessToken --resource 499b84ac-1321-427f-aa17-267ca6975798 -o tsv
-        Write-Host "##vso[task.setvariable variable=AzDO.OneLocBuildToken;issecret=true]${token}"
-
-  - task: OneLocBuild@2
-    displayName: OneLocBuild
-    env:
-      SYSTEM_ACCESSTOKEN: $(System.AccessToken)
-    inputs:
-      locProj: Localize/LocProject.json
-      outDir: $(Build.StagingDirectory)
-      packageSourceAuth: patAuth
-      patVariable: $(AzDO.OneLocBuildToken)
-      isCreatePrSelected: true
-      repoType: gitHub
-      gitHubPatVariable: $(github--pat--vs-mobiletools-engineering-service2)
-      prSourceBranchPrefix: locpr
-      isShouldReusePrSelected: true
-      isAutoCompletePrSelected: false
-      isUseLfLineEndingsSelected: true
-
-  - task: PublishBuildArtifacts@1
-    displayName: Publish Localization Files
-    inputs:
-      PathtoPublish: $(Build.StagingDirectory)/loc
-      ArtifactName: Loc
-    condition: succeededOrFailed()