Make scan wait until after approval (#98)

TravisEz13 · web-flow · commit b3a3f7e10867 · 2023-04-25T10:57:52.000-07:00
* add devcontainer

* remove docker in docker

* Move scan after approval

* read pool name from variable group

* update approval instructions
diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json
@@ -0,0 +1,11 @@
+{
+    "image": "mcr.microsoft.com/powershell/test-deps:ubuntu-22.04",
+    "features": {
+        "ghcr.io/devcontainers/features/github-cli:1": {},
+        "ghcr.io/devcontainers/features/common-utils:2": {}
+    },
+    "customizations": {
+        "codespaces": {
+        }
+    }
+}
diff --git a/.vsts-ci/releaseBuild.yml b/.vsts-ci/releaseBuild.yml
@@ -32,6 +32,7 @@ variables:
     value: 1
   - name: runCodesignValidationInjection
     value: false
+  - group: poolNames
 
 stages:
 - template: ./templates/releaseBuildAndPushStage.yml
diff --git a/.vsts-ci/templates/pushPhase.yml b/.vsts-ci/templates/pushPhase.yml
@@ -7,11 +7,21 @@ parameters:
     default: 'private'
 
 jobs:
+- template: ./Approval.yml
+  parameters:
+    displayName: 'Approve ${{ parameters.channel }}-${{ parameters.release }} upload'
+    instructions: |
+      Only approve one channel at a time or malware scanning will fail.
+      Approving this will trigger the upload of the snap as "${{ parameters.channel }}-${{ parameters.release }}"
+    jobName: 'push_approval'
+
 - job: scan
   displayName: Scan ${{ parameters.channel }}
+  dependsOn:
+    - push_approval
 
   pool:
-    name: 1es
+    name: $(ubuntuPool)
     demands:
     - ImageOverride -equals ${{ parameters.vmImage }}
 
@@ -72,12 +82,6 @@ jobs:
         **/*
       scanningService: 'pwshEsrpScanning'
 
-- template: ./Approval.yml
-  parameters:
-    displayName: 'Approve ${{ parameters.channel }}-${{ parameters.release }} upload'
-    instructions: 'Approving this will trigger the upload of the snap as "${{ parameters.channel }}-${{ parameters.release }}"'
-    jobName: 'push_approval'
-
 - job: push
   dependsOn:
   - push_approval
@@ -86,7 +90,7 @@ jobs:
   displayName: Push to ${{ parameters.release }}
 
   pool:
-    name: 1es
+    name: $(ubuntuPool)
     demands:
     - ImageOverride -equals ${{ parameters.vmImage }}
 
diff --git a/.vsts-ci/templates/releaseBuildPhase.yml b/.vsts-ci/templates/releaseBuildPhase.yml
@@ -16,7 +16,7 @@ jobs:
 
   ${{ if startsWith(parameters.vmImage, 'PSMMS') }}:
     pool:
-        name: 1es
+        name: $(ubuntuPool)
         demands:
         - ImageOverride -equals ${{ parameters.vmImage }}
 
