Merge in 'release/6.0.3xx' changes
This commit is contained in:
dotnet-bot
commit
85607abd90
7 changed files with 88 additions and 32 deletions
38
eng/common/sdl/sdl.ps1
Normal file
38
eng/common/sdl/sdl.ps1
Normal file
|
|
@ -0,0 +1,38 @@
|
||||||
|
|
||||||
|
function Install-Gdn {
|
||||||
|
param(
|
||||||
|
[Parameter(Mandatory=$true)]
|
||||||
|
[string]$Path,
|
||||||
|
|
||||||
|
# If omitted, install the latest version of Guardian, otherwise install that specific version.
|
||||||
|
[string]$Version
|
||||||
|
)
|
||||||
|
|
||||||
|
$ErrorActionPreference = 'Stop'
|
||||||
|
Set-StrictMode -Version 2.0
|
||||||
|
$disableConfigureToolsetImport = $true
|
||||||
|
$global:LASTEXITCODE = 0
|
||||||
|
|
||||||
|
# `tools.ps1` checks $ci to perform some actions. Since the SDL
|
||||||
|
# scripts don't necessarily execute in the same agent that run the
|
||||||
|
# build.ps1/sh script this variable isn't automatically set.
|
||||||
|
$ci = $true
|
||||||
|
. $PSScriptRoot\..\tools.ps1
|
||||||
|
|
||||||
|
$argumentList = @("install", "Microsoft.Guardian.Cli", "-Source https://securitytools.pkgs.visualstudio.com/_packaging/Guardian/nuget/v3/index.json", "-OutputDirectory $Path", "-NonInteractive", "-NoCache")
|
||||||
|
|
||||||
|
if ($Version) {
|
||||||
|
$argumentList += "-Version $Version"
|
||||||
|
}
|
||||||
|
|
||||||
|
Start-Process nuget -Verbose -ArgumentList $argumentList -NoNewWindow -Wait
|
||||||
|
|
||||||
|
$gdnCliPath = Get-ChildItem -Filter guardian.cmd -Recurse -Path $Path
|
||||||
|
|
||||||
|
if (!$gdnCliPath)
|
||||||
|
{
|
||||||
|
Write-PipelineTelemetryError -Category 'Sdl' -Message 'Failure installing Guardian'
|
||||||
|
}
|
||||||
|
|
||||||
|
return $gdnCliPath.FullName
|
||||||
|
}
|
||||||
|
|
@ -8,29 +8,28 @@ parameters:
|
||||||
condition: ''
|
condition: ''
|
||||||
|
|
||||||
steps:
|
steps:
|
||||||
- ${{ if ne(parameters.overrideGuardianVersion, '') }}:
|
- task: NuGetAuthenticate@1
|
||||||
- powershell: |
|
inputs:
|
||||||
$content = Get-Content $(GuardianPackagesConfigFile)
|
nuGetServiceConnections: GuardianConnect
|
||||||
|
|
||||||
Write-Host "packages.config content was:`n$content"
|
|
||||||
|
|
||||||
$content = $content.Replace('$(DefaultGuardianVersion)', '$(GuardianVersion)')
|
|
||||||
$content | Set-Content $(GuardianPackagesConfigFile)
|
|
||||||
|
|
||||||
Write-Host "packages.config content updated to:`n$content"
|
|
||||||
displayName: Use overridden Guardian version ${{ parameters.overrideGuardianVersion }}
|
|
||||||
|
|
||||||
- task: NuGetToolInstaller@1
|
- task: NuGetToolInstaller@1
|
||||||
displayName: 'Install NuGet.exe'
|
displayName: 'Install NuGet.exe'
|
||||||
|
|
||||||
- task: NuGetCommand@2
|
- ${{ if ne(parameters.overrideGuardianVersion, '') }}:
|
||||||
displayName: 'Install Guardian'
|
- pwsh: |
|
||||||
inputs:
|
Set-Location -Path $(Build.SourcesDirectory)\eng\common\sdl
|
||||||
restoreSolution: $(Build.SourcesDirectory)\eng\common\sdl\packages.config
|
. .\sdl.ps1
|
||||||
feedsToUse: config
|
$guardianCliLocation = Install-Gdn -Path $(Build.SourcesDirectory)\.artifacts -Version ${{ parameters.overrideGuardianVersion }}
|
||||||
nugetConfigPath: $(Build.SourcesDirectory)\eng\common\sdl\NuGet.config
|
Write-Host "##vso[task.setvariable variable=GuardianCliLocation]$guardianCliLocation"
|
||||||
externalFeedCredentials: GuardianConnect
|
displayName: Install Guardian (Overridden)
|
||||||
restoreDirectory: $(Build.SourcesDirectory)\.packages
|
|
||||||
|
- ${{ if eq(parameters.overrideGuardianVersion, '') }}:
|
||||||
|
- pwsh: |
|
||||||
|
Set-Location -Path $(Build.SourcesDirectory)\eng\common\sdl
|
||||||
|
. .\sdl.ps1
|
||||||
|
$guardianCliLocation = Install-Gdn -Path $(Build.SourcesDirectory)\.artifacts
|
||||||
|
Write-Host "##vso[task.setvariable variable=GuardianCliLocation]$guardianCliLocation"
|
||||||
|
displayName: Install Guardian
|
||||||
|
|
||||||
- ${{ if ne(parameters.overrideParameters, '') }}:
|
- ${{ if ne(parameters.overrideParameters, '') }}:
|
||||||
- powershell: ${{ parameters.executeAllSdlToolsScript }} ${{ parameters.overrideParameters }}
|
- powershell: ${{ parameters.executeAllSdlToolsScript }} ${{ parameters.overrideParameters }}
|
||||||
|
|
@ -40,7 +39,7 @@ steps:
|
||||||
|
|
||||||
- ${{ if eq(parameters.overrideParameters, '') }}:
|
- ${{ if eq(parameters.overrideParameters, '') }}:
|
||||||
- powershell: ${{ parameters.executeAllSdlToolsScript }}
|
- powershell: ${{ parameters.executeAllSdlToolsScript }}
|
||||||
-GuardianPackageName Microsoft.Guardian.Cli.$(GuardianVersion)
|
-GuardianCliLocation $(GuardianCliLocation)
|
||||||
-NugetPackageDirectory $(Build.SourcesDirectory)\.packages
|
-NugetPackageDirectory $(Build.SourcesDirectory)\.packages
|
||||||
-AzureDevOpsAccessToken $(dn-bot-dotnet-build-rw-code-rw)
|
-AzureDevOpsAccessToken $(dn-bot-dotnet-build-rw-code-rw)
|
||||||
${{ parameters.additionalParameters }}
|
${{ parameters.additionalParameters }}
|
||||||
|
|
@ -62,7 +61,28 @@ steps:
|
||||||
c
|
c
|
||||||
i
|
i
|
||||||
condition: succeededOrFailed()
|
condition: succeededOrFailed()
|
||||||
|
|
||||||
- publish: $(Agent.BuildDirectory)/.gdn
|
- publish: $(Agent.BuildDirectory)/.gdn
|
||||||
artifact: GuardianConfiguration
|
artifact: GuardianConfiguration
|
||||||
displayName: Publish GuardianConfiguration
|
displayName: Publish GuardianConfiguration
|
||||||
|
condition: succeededOrFailed()
|
||||||
|
|
||||||
|
# Publish the SARIF files in a container named CodeAnalysisLogs to enable integration
|
||||||
|
# with the "SARIF SAST Scans Tab" Azure DevOps extension
|
||||||
|
- task: CopyFiles@2
|
||||||
|
displayName: Copy SARIF files
|
||||||
|
inputs:
|
||||||
|
flattenFolders: true
|
||||||
|
sourceFolder: $(Agent.BuildDirectory)/.gdn/rc/
|
||||||
|
contents: '**/*.sarif'
|
||||||
|
targetFolder: $(Build.SourcesDirectory)/CodeAnalysisLogs
|
||||||
|
condition: succeededOrFailed()
|
||||||
|
|
||||||
|
# Use PublishBuildArtifacts because the SARIF extension only checks this case
|
||||||
|
# see microsoft/sarif-azuredevops-extension#4
|
||||||
|
- task: PublishBuildArtifacts@1
|
||||||
|
displayName: Publish SARIF files to CodeAnalysisLogs container
|
||||||
|
inputs:
|
||||||
|
pathToPublish: $(Build.SourcesDirectory)/CodeAnalysisLogs
|
||||||
|
artifactName: CodeAnalysisLogs
|
||||||
condition: succeededOrFailed()
|
condition: succeededOrFailed()
|
||||||
|
|
@ -84,22 +84,19 @@ jobs:
|
||||||
${{ else }}:
|
${{ else }}:
|
||||||
${{ parameters.poolInternalAmd64 }}
|
${{ parameters.poolInternalAmd64 }}
|
||||||
|
|
||||||
- ${{ if eq(variables['System.TeamProject'], 'internal') }}:
|
- ${{ if and(eq(variables['System.TeamProject'], 'internal'), ne(variables['Build.Reason'], 'PullRequest')) }}:
|
||||||
- template: /src/SourceBuild/Arcade/eng/common/templates/job/source-build-build-tarball.yml
|
- template: /src/SourceBuild/Arcade/eng/common/templates/job/source-build-build-tarball.yml
|
||||||
parameters:
|
parameters:
|
||||||
architecture: arm64
|
architecture: arm64
|
||||||
dependsOn: ${{ parameters.dependsOn }}
|
dependsOn: ${{ parameters.dependsOn }}
|
||||||
${{ if in(variables['Build.Reason'], 'PullRequest') }}:
|
|
||||||
excludeSdkContentTests: true
|
|
||||||
installerBuildResourceId: ${{ parameters.installerBuildResourceId }}
|
installerBuildResourceId: ${{ parameters.installerBuildResourceId }}
|
||||||
matrix:
|
matrix:
|
||||||
${{ if ne(variables['Build.Reason'], 'PullRequest') }}:
|
Debian9-Offline:
|
||||||
Debian9-Offline:
|
_BootstrapPrep: true
|
||||||
_BootstrapPrep: true
|
_Container: ${{ parameters.debian9Arm64Container }}
|
||||||
_Container: ${{ parameters.debian9Arm64Container }}
|
_EnablePoison: false
|
||||||
_EnablePoison: false
|
_ExcludeOmniSharpTests: false
|
||||||
_ExcludeOmniSharpTests: false
|
_RunOnline: false
|
||||||
_RunOnline: false
|
|
||||||
name: Build_Tarball_arm64
|
name: Build_Tarball_arm64
|
||||||
pool: ${{ parameters.poolInternalArm64 }}
|
pool: ${{ parameters.poolInternalArm64 }}
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -1,6 +1,6 @@
|
||||||
<Project Sdk="Microsoft.NET.Sdk">
|
<Project Sdk="Microsoft.NET.Sdk">
|
||||||
<PropertyGroup>
|
<PropertyGroup>
|
||||||
<TargetFrameworks>net5.0</TargetFrameworks>
|
<TargetFrameworks>net6.0</TargetFrameworks>
|
||||||
<EnableDefaultCompileItems>false</EnableDefaultCompileItems>
|
<EnableDefaultCompileItems>false</EnableDefaultCompileItems>
|
||||||
<RunAnalyzers>false</RunAnalyzers>
|
<RunAnalyzers>false</RunAnalyzers>
|
||||||
<Nullable>disable</Nullable>
|
<Nullable>disable</Nullable>
|
||||||
|
|
|
||||||
|
|
@ -2,6 +2,6 @@
|
||||||
<!-- Licensed to the .NET Foundation under one or more agreements. The .NET Foundation licenses this file to you under the MIT license. -->
|
<!-- Licensed to the .NET Foundation under one or more agreements. The .NET Foundation licenses this file to you under the MIT license. -->
|
||||||
<Project>
|
<Project>
|
||||||
<PropertyGroup>
|
<PropertyGroup>
|
||||||
<SourceBuildTasksAssembly>$(RepoRoot)\artifacts\bin\SourceBuild.Tasks\$(Configuration)\net5.0\SourceBuild.Tasks.dll</SourceBuildTasksAssembly>
|
<SourceBuildTasksAssembly>$(RepoRoot)\artifacts\bin\SourceBuild.Tasks\$(Configuration)\net6.0\SourceBuild.Tasks.dll</SourceBuildTasksAssembly>
|
||||||
</PropertyGroup>
|
</PropertyGroup>
|
||||||
</Project>
|
</Project>
|
||||||
|
|
@ -27,6 +27,7 @@
|
||||||
|
|
||||||
<ItemGroup>
|
<ItemGroup>
|
||||||
<UseSourceBuiltSdkOverride Include="@(ArcadeSdkOverride)" />
|
<UseSourceBuiltSdkOverride Include="@(ArcadeSdkOverride)" />
|
||||||
|
<EnvironmentVariables Include="CheckEolTargetFramework=false" />
|
||||||
</ItemGroup>
|
</ItemGroup>
|
||||||
|
|
||||||
<Import Project="Sdk.targets" Sdk="Microsoft.NET.Sdk" />
|
<Import Project="Sdk.targets" Sdk="Microsoft.NET.Sdk" />
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue