2021-12-09 14:33:51 +00:00
|
|
|
parameters:
|
|
|
|
overrideGuardianVersion: ''
|
|
|
|
executeAllSdlToolsScript: ''
|
|
|
|
overrideParameters: ''
|
|
|
|
additionalParameters: ''
|
|
|
|
publishGuardianDirectoryToPipeline: false
|
|
|
|
sdlContinueOnError: false
|
|
|
|
condition: ''
|
|
|
|
|
|
|
|
steps:
|
|
|
|
- ${{ if ne(parameters.overrideGuardianVersion, '') }}:
|
|
|
|
- powershell: |
|
|
|
|
$content = Get-Content $(GuardianPackagesConfigFile)
|
|
|
|
|
|
|
|
Write-Host "packages.config content was:`n$content"
|
|
|
|
|
|
|
|
$content = $content.Replace('$(DefaultGuardianVersion)', '$(GuardianVersion)')
|
|
|
|
$content | Set-Content $(GuardianPackagesConfigFile)
|
|
|
|
|
|
|
|
Write-Host "packages.config content updated to:`n$content"
|
|
|
|
displayName: Use overridden Guardian version ${{ parameters.overrideGuardianVersion }}
|
|
|
|
|
|
|
|
- task: NuGetToolInstaller@1
|
|
|
|
displayName: 'Install NuGet.exe'
|
|
|
|
|
|
|
|
- task: NuGetCommand@2
|
|
|
|
displayName: 'Install Guardian'
|
|
|
|
inputs:
|
|
|
|
restoreSolution: $(Build.SourcesDirectory)\eng\common\sdl\packages.config
|
|
|
|
feedsToUse: config
|
|
|
|
nugetConfigPath: $(Build.SourcesDirectory)\eng\common\sdl\NuGet.config
|
|
|
|
externalFeedCredentials: GuardianConnect
|
|
|
|
restoreDirectory: $(Build.SourcesDirectory)\.packages
|
|
|
|
|
|
|
|
- ${{ if ne(parameters.overrideParameters, '') }}:
|
|
|
|
- powershell: ${{ parameters.executeAllSdlToolsScript }} ${{ parameters.overrideParameters }}
|
|
|
|
displayName: Execute SDL
|
|
|
|
continueOnError: ${{ parameters.sdlContinueOnError }}
|
|
|
|
condition: ${{ parameters.condition }}
|
|
|
|
|
|
|
|
- ${{ if eq(parameters.overrideParameters, '') }}:
|
|
|
|
- powershell: ${{ parameters.executeAllSdlToolsScript }}
|
|
|
|
-GuardianPackageName Microsoft.Guardian.Cli.$(GuardianVersion)
|
|
|
|
-NugetPackageDirectory $(Build.SourcesDirectory)\.packages
|
|
|
|
-AzureDevOpsAccessToken $(dn-bot-dotnet-build-rw-code-rw)
|
|
|
|
${{ parameters.additionalParameters }}
|
|
|
|
displayName: Execute SDL
|
|
|
|
continueOnError: ${{ parameters.sdlContinueOnError }}
|
|
|
|
condition: ${{ parameters.condition }}
|
|
|
|
|
|
|
|
- ${{ if ne(parameters.publishGuardianDirectoryToPipeline, 'false') }}:
|
|
|
|
# We want to publish the Guardian results and configuration for easy diagnosis. However, the
|
|
|
|
# '.gdn' dir is a mix of configuration, results, extracted dependencies, and Guardian default
|
|
|
|
# tooling files. Some of these files are large and aren't useful during an investigation, so
|
|
|
|
# exclude them by simply deleting them before publishing. (As of writing, there is no documented
|
|
|
|
# way to selectively exclude a dir from the pipeline artifact publish task.)
|
|
|
|
- task: DeleteFiles@1
|
|
|
|
displayName: Delete Guardian dependencies to avoid uploading
|
|
|
|
inputs:
|
|
|
|
SourceFolder: $(Agent.BuildDirectory)/.gdn
|
|
|
|
Contents: |
|
|
|
|
c
|
|
|
|
i
|
|
|
|
condition: succeededOrFailed()
|
2022-07-30 12:37:25 +00:00
|
|
|
|
2021-12-09 14:33:51 +00:00
|
|
|
- publish: $(Agent.BuildDirectory)/.gdn
|
|
|
|
artifact: GuardianConfiguration
|
|
|
|
displayName: Publish GuardianConfiguration
|
2022-07-30 12:37:25 +00:00
|
|
|
condition: succeededOrFailed()
|
|
|
|
|
|
|
|
# Publish the SARIF files in a container named CodeAnalysisLogs to enable integration
|
|
|
|
# with the "SARIF SAST Scans Tab" Azure DevOps extension
|
|
|
|
- task: CopyFiles@2
|
|
|
|
displayName: Copy SARIF files
|
|
|
|
inputs:
|
|
|
|
flattenFolders: true
|
|
|
|
sourceFolder: $(Agent.BuildDirectory)/.gdn/rc/
|
|
|
|
contents: '**/*.sarif'
|
|
|
|
targetFolder: $(Build.SourcesDirectory)/CodeAnalysisLogs
|
|
|
|
condition: succeededOrFailed()
|
|
|
|
|
|
|
|
# Use PublishBuildArtifacts because the SARIF extension only checks this case
|
|
|
|
# see microsoft/sarif-azuredevops-extension#4
|
|
|
|
- task: PublishBuildArtifacts@1
|
|
|
|
displayName: Publish SARIF files to CodeAnalysisLogs container
|
|
|
|
inputs:
|
|
|
|
pathToPublish: $(Build.SourcesDirectory)/CodeAnalysisLogs
|
|
|
|
artifactName: CodeAnalysisLogs
|
2021-12-09 14:33:51 +00:00
|
|
|
condition: succeededOrFailed()
|