diff --git a/NuGet.config b/NuGet.config
index 063b396f5..d5f4b3c3c 100644
--- a/NuGet.config
+++ b/NuGet.config
@@ -14,13 +14,10 @@
-
-
-
@@ -44,14 +41,11 @@
-
+
-
-
-
diff --git a/eng/Version.Details.xml b/eng/Version.Details.xml
index 999ef2404..6f6927b79 100644
--- a/eng/Version.Details.xml
+++ b/eng/Version.Details.xml
@@ -197,19 +197,19 @@
-
+
https://github.com/dotnet/arcade
- bb1e72113a7eaf8bebda940beba8cf8bee1b453f
+ 841e1fe0d2498a7ac6445e458ae521511ec226ca
-
+
https://github.com/dotnet/arcade
- bb1e72113a7eaf8bebda940beba8cf8bee1b453f
+ 841e1fe0d2498a7ac6445e458ae521511ec226ca
-
+
https://github.com/dotnet/arcade
- bb1e72113a7eaf8bebda940beba8cf8bee1b453f
+ 841e1fe0d2498a7ac6445e458ae521511ec226ca
https://github.com/dotnet/source-build-reference-packages
diff --git a/eng/Versions.props b/eng/Versions.props
index 551f43b83..ef6da98d2 100644
--- a/eng/Versions.props
+++ b/eng/Versions.props
@@ -19,7 +19,7 @@
- 6.0.0-beta.22512.3
+ 6.0.0-beta.22558.2
diff --git a/eng/common/sdl/sdl.ps1 b/eng/common/sdl/sdl.ps1
new file mode 100644
index 000000000..648c5068d
--- /dev/null
+++ b/eng/common/sdl/sdl.ps1
@@ -0,0 +1,38 @@
+
+function Install-Gdn {
+ param(
+ [Parameter(Mandatory=$true)]
+ [string]$Path,
+
+ # If omitted, install the latest version of Guardian, otherwise install that specific version.
+ [string]$Version
+ )
+
+ $ErrorActionPreference = 'Stop'
+ Set-StrictMode -Version 2.0
+ $disableConfigureToolsetImport = $true
+ $global:LASTEXITCODE = 0
+
+ # `tools.ps1` checks $ci to perform some actions. Since the SDL
+ # scripts don't necessarily execute in the same agent that run the
+ # build.ps1/sh script this variable isn't automatically set.
+ $ci = $true
+ . $PSScriptRoot\..\tools.ps1
+
+ $argumentList = @("install", "Microsoft.Guardian.Cli", "-Source https://securitytools.pkgs.visualstudio.com/_packaging/Guardian/nuget/v3/index.json", "-OutputDirectory $Path", "-NonInteractive", "-NoCache")
+
+ if ($Version) {
+ $argumentList += "-Version $Version"
+ }
+
+ Start-Process nuget -Verbose -ArgumentList $argumentList -NoNewWindow -Wait
+
+ $gdnCliPath = Get-ChildItem -Filter guardian.cmd -Recurse -Path $Path
+
+ if (!$gdnCliPath)
+ {
+ Write-PipelineTelemetryError -Category 'Sdl' -Message 'Failure installing Guardian'
+ }
+
+ return $gdnCliPath.FullName
+}
\ No newline at end of file
diff --git a/eng/common/templates/steps/execute-sdl.yml b/eng/common/templates/steps/execute-sdl.yml
index 7b8ee18a2..9dd5709f6 100644
--- a/eng/common/templates/steps/execute-sdl.yml
+++ b/eng/common/templates/steps/execute-sdl.yml
@@ -8,29 +8,28 @@ parameters:
condition: ''
steps:
-- ${{ if ne(parameters.overrideGuardianVersion, '') }}:
- - powershell: |
- $content = Get-Content $(GuardianPackagesConfigFile)
-
- Write-Host "packages.config content was:`n$content"
-
- $content = $content.Replace('$(DefaultGuardianVersion)', '$(GuardianVersion)')
- $content | Set-Content $(GuardianPackagesConfigFile)
-
- Write-Host "packages.config content updated to:`n$content"
- displayName: Use overridden Guardian version ${{ parameters.overrideGuardianVersion }}
+- task: NuGetAuthenticate@1
+ inputs:
+ nuGetServiceConnections: GuardianConnect
- task: NuGetToolInstaller@1
displayName: 'Install NuGet.exe'
-- task: NuGetCommand@2
- displayName: 'Install Guardian'
- inputs:
- restoreSolution: $(Build.SourcesDirectory)\eng\common\sdl\packages.config
- feedsToUse: config
- nugetConfigPath: $(Build.SourcesDirectory)\eng\common\sdl\NuGet.config
- externalFeedCredentials: GuardianConnect
- restoreDirectory: $(Build.SourcesDirectory)\.packages
+- ${{ if ne(parameters.overrideGuardianVersion, '') }}:
+ - pwsh: |
+ Set-Location -Path $(Build.SourcesDirectory)\eng\common\sdl
+ . .\sdl.ps1
+ $guardianCliLocation = Install-Gdn -Path $(Build.SourcesDirectory)\.artifacts -Version ${{ parameters.overrideGuardianVersion }}
+ Write-Host "##vso[task.setvariable variable=GuardianCliLocation]$guardianCliLocation"
+ displayName: Install Guardian (Overridden)
+
+- ${{ if eq(parameters.overrideGuardianVersion, '') }}:
+ - pwsh: |
+ Set-Location -Path $(Build.SourcesDirectory)\eng\common\sdl
+ . .\sdl.ps1
+ $guardianCliLocation = Install-Gdn -Path $(Build.SourcesDirectory)\.artifacts
+ Write-Host "##vso[task.setvariable variable=GuardianCliLocation]$guardianCliLocation"
+ displayName: Install Guardian
- ${{ if ne(parameters.overrideParameters, '') }}:
- powershell: ${{ parameters.executeAllSdlToolsScript }} ${{ parameters.overrideParameters }}
@@ -40,7 +39,7 @@ steps:
- ${{ if eq(parameters.overrideParameters, '') }}:
- powershell: ${{ parameters.executeAllSdlToolsScript }}
- -GuardianPackageName Microsoft.Guardian.Cli.$(GuardianVersion)
+ -GuardianCliLocation $(GuardianCliLocation)
-NugetPackageDirectory $(Build.SourcesDirectory)\.packages
-AzureDevOpsAccessToken $(dn-bot-dotnet-build-rw-code-rw)
${{ parameters.additionalParameters }}
@@ -62,7 +61,28 @@ steps:
c
i
condition: succeededOrFailed()
+
- publish: $(Agent.BuildDirectory)/.gdn
artifact: GuardianConfiguration
displayName: Publish GuardianConfiguration
+ condition: succeededOrFailed()
+
+ # Publish the SARIF files in a container named CodeAnalysisLogs to enable integration
+ # with the "SARIF SAST Scans Tab" Azure DevOps extension
+ - task: CopyFiles@2
+ displayName: Copy SARIF files
+ inputs:
+ flattenFolders: true
+ sourceFolder: $(Agent.BuildDirectory)/.gdn/rc/
+ contents: '**/*.sarif'
+ targetFolder: $(Build.SourcesDirectory)/CodeAnalysisLogs
+ condition: succeededOrFailed()
+
+ # Use PublishBuildArtifacts because the SARIF extension only checks this case
+ # see microsoft/sarif-azuredevops-extension#4
+ - task: PublishBuildArtifacts@1
+ displayName: Publish SARIF files to CodeAnalysisLogs container
+ inputs:
+ pathToPublish: $(Build.SourcesDirectory)/CodeAnalysisLogs
+ artifactName: CodeAnalysisLogs
condition: succeededOrFailed()
\ No newline at end of file
diff --git a/global.json b/global.json
index 20ae9a5af..b779ff3ff 100644
--- a/global.json
+++ b/global.json
@@ -1,6 +1,6 @@
{
"tools": {
- "dotnet": "6.0.110",
+ "dotnet": "6.0.111",
"runtimes": {
"dotnet": [
"$(VSRedistCommonNetCoreSharedFrameworkx6460PackageVersion)"
@@ -11,7 +11,7 @@
"cmake": "3.16.4"
},
"msbuild-sdks": {
- "Microsoft.DotNet.Arcade.Sdk": "6.0.0-beta.22512.3",
- "Microsoft.DotNet.CMake.Sdk": "6.0.0-beta.22512.3"
+ "Microsoft.DotNet.Arcade.Sdk": "6.0.0-beta.22558.2",
+ "Microsoft.DotNet.CMake.Sdk": "6.0.0-beta.22558.2"
}
}
diff --git a/src/SourceBuild/Arcade/src/SourceBuild.Tasks.csproj b/src/SourceBuild/Arcade/src/SourceBuild.Tasks.csproj
index 735289e70..bd43b568b 100644
--- a/src/SourceBuild/Arcade/src/SourceBuild.Tasks.csproj
+++ b/src/SourceBuild/Arcade/src/SourceBuild.Tasks.csproj
@@ -1,6 +1,6 @@
- net5.0
+ net6.0
false
false
disable
diff --git a/src/SourceBuild/Arcade/tools/BuildTasks.props b/src/SourceBuild/Arcade/tools/BuildTasks.props
index 4014b87ad..57c4a4b0a 100644
--- a/src/SourceBuild/Arcade/tools/BuildTasks.props
+++ b/src/SourceBuild/Arcade/tools/BuildTasks.props
@@ -2,6 +2,6 @@
- $(RepoRoot)\artifacts\bin\SourceBuild.Tasks\$(Configuration)\net5.0\SourceBuild.Tasks.dll
+ $(RepoRoot)\artifacts\bin\SourceBuild.Tasks\$(Configuration)\net6.0\SourceBuild.Tasks.dll
\ No newline at end of file