Merge commit 'd1e5274456b56eef679f5de0cb65d49fed9edce2'
commit
d4a2d8b6ad
11 changed files with 46 additions and 31 deletions
|
@ -214,18 +214,18 @@
|
|||
</Dependency>
|
||||
</ProductDependencies>
|
||||
<ToolsetDependencies>
|
||||
<Dependency Name="Microsoft.DotNet.Arcade.Sdk" Version="8.0.0-beta.24360.5">
|
||||
<Dependency Name="Microsoft.DotNet.Arcade.Sdk" Version="8.0.0-beta.24367.1">
|
||||
<Uri>https://github.com/dotnet/arcade</Uri>
|
||||
<Sha>c9efa535175049eb9cba06cae1f8c3d5dbe768a9</Sha>
|
||||
<Sha>fa3d544b066661522f1ec5d5e8cfd461a29b0f8a</Sha>
|
||||
<SourceBuild RepoName="arcade" ManagedOnly="true" />
|
||||
</Dependency>
|
||||
<Dependency Name="Microsoft.DotNet.CMake.Sdk" Version="8.0.0-beta.24360.5">
|
||||
<Dependency Name="Microsoft.DotNet.CMake.Sdk" Version="8.0.0-beta.24367.1">
|
||||
<Uri>https://github.com/dotnet/arcade</Uri>
|
||||
<Sha>c9efa535175049eb9cba06cae1f8c3d5dbe768a9</Sha>
|
||||
<Sha>fa3d544b066661522f1ec5d5e8cfd461a29b0f8a</Sha>
|
||||
</Dependency>
|
||||
<Dependency Name="Microsoft.DotNet.Build.Tasks.Installers" Version="8.0.0-beta.24360.5">
|
||||
<Dependency Name="Microsoft.DotNet.Build.Tasks.Installers" Version="8.0.0-beta.24367.1">
|
||||
<Uri>https://github.com/dotnet/arcade</Uri>
|
||||
<Sha>c9efa535175049eb9cba06cae1f8c3d5dbe768a9</Sha>
|
||||
<Sha>fa3d544b066661522f1ec5d5e8cfd461a29b0f8a</Sha>
|
||||
</Dependency>
|
||||
<Dependency Name="Microsoft.DotNet.Darc" Version="1.1.0-beta.24306.1">
|
||||
<Uri>https://github.com/dotnet/arcade-services</Uri>
|
||||
|
|
|
@ -39,7 +39,7 @@
|
|||
</PropertyGroup>
|
||||
<PropertyGroup>
|
||||
<!-- Dependency from https://github.com/dotnet/arcade -->
|
||||
<MicrosoftDotNetBuildTasksInstallersPackageVersion>8.0.0-beta.24360.5</MicrosoftDotNetBuildTasksInstallersPackageVersion>
|
||||
<MicrosoftDotNetBuildTasksInstallersPackageVersion>8.0.0-beta.24367.1</MicrosoftDotNetBuildTasksInstallersPackageVersion>
|
||||
</PropertyGroup>
|
||||
<PropertyGroup>
|
||||
<!-- Dependency from https://github.com/dotnet/arcade-services -->
|
||||
|
|
|
@ -5,11 +5,11 @@
|
|||
</solution>
|
||||
<packageSources>
|
||||
<clear />
|
||||
<add key="guardian" value="https://securitytools.pkgs.visualstudio.com/_packaging/Guardian/nuget/v3/index.json" />
|
||||
<add key="guardian" value="https://pkgs.dev.azure.com/dnceng/_packaging/Guardian1ESPTUpstreamOrgFeed/nuget/v3/index.json" />
|
||||
</packageSources>
|
||||
<packageSourceMapping>
|
||||
<packageSource key="guardian">
|
||||
<package pattern="microsoft.guardian.cli" />
|
||||
<package pattern="Microsoft.Guardian.Cli.win-x64" />
|
||||
</packageSource>
|
||||
</packageSourceMapping>
|
||||
<disabledPackageSources>
|
||||
|
|
|
@ -6,7 +6,6 @@ Param(
|
|||
[string] $BranchName=$env:BUILD_SOURCEBRANCH, # Optional: name of branch or version of gdn settings; defaults to master
|
||||
[string] $SourceDirectory=$env:BUILD_SOURCESDIRECTORY, # Required: the directory where source files are located
|
||||
[string] $ArtifactsDirectory = (Join-Path $env:BUILD_ARTIFACTSTAGINGDIRECTORY ('artifacts')), # Required: the directory where build artifacts are located
|
||||
[string] $AzureDevOpsAccessToken, # Required: access token for dnceng; should be provided via KeyVault
|
||||
|
||||
# Optional: list of SDL tools to run on source code. See 'configure-sdl-tool.ps1' for tools list
|
||||
# format.
|
||||
|
@ -75,7 +74,7 @@ try {
|
|||
}
|
||||
|
||||
Exec-BlockVerbosely {
|
||||
& $(Join-Path $PSScriptRoot 'init-sdl.ps1') -GuardianCliLocation $guardianCliLocation -Repository $RepoName -BranchName $BranchName -WorkingDirectory $workingDirectory -AzureDevOpsAccessToken $AzureDevOpsAccessToken -GuardianLoggerLevel $GuardianLoggerLevel
|
||||
& $(Join-Path $PSScriptRoot 'init-sdl.ps1') -GuardianCliLocation $guardianCliLocation -Repository $RepoName -BranchName $BranchName -WorkingDirectory $workingDirectory -GuardianLoggerLevel $GuardianLoggerLevel
|
||||
}
|
||||
$gdnFolder = Join-Path $workingDirectory '.gdn'
|
||||
|
||||
|
@ -104,7 +103,6 @@ try {
|
|||
-TargetDirectory $targetDirectory `
|
||||
-GdnFolder $gdnFolder `
|
||||
-ToolsList $tools `
|
||||
-AzureDevOpsAccessToken $AzureDevOpsAccessToken `
|
||||
-GuardianLoggerLevel $GuardianLoggerLevel `
|
||||
-CrScanAdditionalRunConfigParams $CrScanAdditionalRunConfigParams `
|
||||
-PoliCheckAdditionalRunConfigParams $PoliCheckAdditionalRunConfigParams `
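Review bot: Dropping `$AzureDevOpsAccessToken` from the `Param(` block leaves callers that still pass it with no hint, and the comment on the removed line was the only place that said how this script authenticates. Whether the block sits under `[CmdletBinding()]` is outside the hunk; if it does not, a leftover `-AzureDevOpsAccessToken <value>` would presumably bind silently to `$args` instead of failing, so a stale caller would keep putting a secret on the command line unnoticed. I would add a line next to the parameters such as `# Authentication is no longer passed as a parameter; remove -AzureDevOpsAccessToken from any caller.` It is also worth confirming that the override path in the pipeline templates no longer supplies it.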
|
||||
|
|
|
@ -3,7 +3,6 @@ Param(
|
|||
[string] $Repository,
|
||||
[string] $BranchName='master',
|
||||
[string] $WorkingDirectory,
|
||||
[string] $AzureDevOpsAccessToken,
|
||||
[string] $GuardianLoggerLevel='Standard'
|
||||
)
|
||||
|
||||
|
@ -21,14 +20,7 @@ $ci = $true
|
|||
# Don't display the console progress UI - it's a huge perf hit
|
||||
$ProgressPreference = 'SilentlyContinue'
|
||||
|
||||
# Construct basic auth from AzDO access token; construct URI to the repository's gdn folder stored in that repository; construct location of zip file
|
||||
$encodedPat = [Convert]::ToBase64String([System.Text.Encoding]::ASCII.GetBytes(":$AzureDevOpsAccessToken"))
|
||||
$escapedRepository = [Uri]::EscapeDataString("/$Repository/$BranchName/.gdn")
|
||||
$uri = "https://dev.azure.com/dnceng/internal/_apis/git/repositories/sdl-tool-cfg/Items?path=$escapedRepository&versionDescriptor[versionOptions]=0&`$format=zip&api-version=5.0"
|
||||
$zipFile = "$WorkingDirectory/gdn.zip"
|
||||
|
||||
Add-Type -AssemblyName System.IO.Compression.FileSystem
|
||||
$gdnFolder = (Join-Path $WorkingDirectory '.gdn')
|
||||
|
||||
try {
|
||||
# if the folder does not exist, we'll do a guardian init and push it to the remote repository
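Review bot: `Add-Type -AssemblyName System.IO.Compression.FileSystem` and the comment about pushing the folder "to the remote repository" look like leftovers once the `$encodedPat`/`$uri`/`$zipFile` setup is gone. The rendered page does not mark which lines stayed, so this assumes both are context lines; the `try` body continues outside the hunk and may still need the assembly. If nothing below creates or extracts a zip, drop the `Add-Type` line. If the script no longer contacts the configuration repository, reword the comment, e.g. `# if the folder does not exist, run guardian init`, so it does not read as if a token-authenticated push still happens.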
|
||||
|
|
|
@ -4,6 +4,8 @@ function Install-Gdn {
|
|||
[Parameter(Mandatory=$true)]
|
||||
[string]$Path,
|
||||
|
||||
[string]$Source = "https://pkgs.dev.azure.com/dnceng/_packaging/Guardian1ESPTUpstreamOrgFeed/nuget/v3/index.json",
|
||||
|
||||
# If omitted, install the latest version of Guardian, otherwise install that specific version.
|
||||
[string]$Version
|
||||
)
|
||||
|
@ -19,7 +21,7 @@ function Install-Gdn {
|
|||
$ci = $true
|
||||
. $PSScriptRoot\..\tools.ps1
|
||||
|
||||
$argumentList = @("install", "Microsoft.Guardian.Cli", "-Source https://securitytools.pkgs.visualstudio.com/_packaging/Guardian/nuget/v3/index.json", "-OutputDirectory $Path", "-NonInteractive", "-NoCache")
|
||||
$argumentList = @("install", "Microsoft.Guardian.Cli.win-x64", "-Source $Source", "-OutputDirectory $Path", "-NonInteractive", "-NoCache")
|
||||
|
||||
if ($Version) {
|
||||
$argumentList += "-Version $Version"
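Review bot: The new `$Source` parameter is interpolated into `"-Source $Source"` with no check on its value, so a caller can point the Guardian install at any feed, including a plain `http://` URL or a local path, and a value containing a space would presumably split into extra arguments. Adding `[ValidatePattern('^https://')]` above `[string]$Source` keeps the override to TLS feeds; how `$argumentList` is consumed is outside the hunk, so check the quoting against that call. The default URL also duplicates the `guardian` source in the NuGet.config section earlier on this page, so the two can drift; a comment such as `# Keep in sync with the 'guardian' source in NuGet.config` would help. `Install-Gdn` starts and ends outside the hunk.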
|
||||
|
|
|
@ -9,8 +9,6 @@ parameters:
|
|||
|
||||
steps:
|
||||
- task: NuGetAuthenticate@1
|
||||
inputs:
|
||||
nuGetServiceConnections: GuardianConnect
|
||||
|
||||
- task: NuGetToolInstaller@1
|
||||
displayName: 'Install NuGet.exe'
|
||||
|
|
|
@ -3,6 +3,12 @@ parameters:
|
|||
type: string
|
||||
- name: outputVariableName
|
||||
type: string
|
||||
- name: stepName
|
||||
type: string
|
||||
default: 'getFederatedAccessToken'
|
||||
- name: condition
|
||||
type: string
|
||||
default: ''
|
||||
# Resource to get a token for. Common values include:
|
||||
# - '499b84ac-1321-427f-aa17-267ca6975798' for Azure DevOps
|
||||
# - 'https://storage.azure.com/' for storage
|
||||
|
@ -10,10 +16,16 @@ parameters:
|
|||
- name: resource
|
||||
type: string
|
||||
default: '499b84ac-1321-427f-aa17-267ca6975798'
|
||||
- name: isStepOutputVariable
|
||||
type: boolean
|
||||
default: false
|
||||
|
||||
steps:
|
||||
- task: AzureCLI@2
|
||||
displayName: 'Getting federated access token for feeds'
|
||||
name: ${{ parameters.stepName }}
|
||||
${{ if ne(parameters.condition, '') }}:
|
||||
condition: ${{ parameters.condition }}
|
||||
inputs:
|
||||
azureSubscription: ${{ parameters.federatedServiceConnection }}
|
||||
scriptType: 'pscore'
|
||||
|
@ -25,4 +37,4 @@ steps:
|
|||
exit 1
|
||||
}
|
||||
Write-Host "Setting '${{ parameters.outputVariableName }}' with the access token value"
|
||||
Write-Host "##vso[task.setvariable variable=${{ parameters.outputVariableName }};issecret=true]$accessToken"
|
||||
Write-Host "##vso[task.setvariable variable=${{ parameters.outputVariableName }};issecret=true;isOutput=${{ parameters.isStepOutputVariable }}]$accessToken"
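Review bot: The three new parameters (`stepName`, `condition`, `isStepOutputVariable`) are undocumented, and the last one changes how the secret is exposed. With `isOutput=true` the token is published as an output of the step named by `stepName`, and can presumably be mapped into later jobs instead of staying a plain job variable. I would add a comment above `isStepOutputVariable` such as `# When true, the token is exposed as <stepName>.<outputVariableName>; leave false unless another job must consume it.` `condition` is spliced into the step as a raw expression string, so a one-line comment giving the expected form (for example `succeeded()`) would help too. The same three hunks appear a second time further down this page, and the same comments apply there.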
|
|
@ -9,8 +9,6 @@ parameters:
|
|||
|
||||
steps:
|
||||
- task: NuGetAuthenticate@1
|
||||
inputs:
|
||||
nuGetServiceConnections: GuardianConnect
|
||||
|
||||
- task: NuGetToolInstaller@1
|
||||
displayName: 'Install NuGet.exe'
|
||||
|
@ -36,16 +34,19 @@ steps:
|
|||
displayName: Execute SDL (Overridden)
|
||||
continueOnError: ${{ parameters.sdlContinueOnError }}
|
||||
condition: ${{ parameters.condition }}
|
||||
env:
|
||||
GUARDIAN_DEFAULT_PACKAGE_SOURCE_SECRET: $(System.AccessToken)
|
||||
|
||||
- ${{ if eq(parameters.overrideParameters, '') }}:
|
||||
- powershell: ${{ parameters.executeAllSdlToolsScript }}
|
||||
-GuardianCliLocation $(GuardianCliLocation)
|
||||
-NugetPackageDirectory $(Build.SourcesDirectory)\.packages
|
||||
-AzureDevOpsAccessToken $(dn-bot-dotnet-build-rw-code-rw)
|
||||
${{ parameters.additionalParameters }}
|
||||
displayName: Execute SDL
|
||||
continueOnError: ${{ parameters.sdlContinueOnError }}
|
||||
condition: ${{ parameters.condition }}
|
||||
env:
|
||||
GUARDIAN_DEFAULT_PACKAGE_SOURCE_SECRET: $(System.AccessToken)
|
||||
|
||||
- ${{ if ne(parameters.publishGuardianDirectoryToPipeline, 'false') }}:
|
||||
# We want to publish the Guardian results and configuration for easy diagnosis. However, the
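Review bot: `GUARDIAN_DEFAULT_PACKAGE_SOURCE_SECRET: $(System.AccessToken)` is added to both the overridden and the default `powershell` step with no comment on why the job token is handed to the script. The overridden step presumably runs with caller-supplied `overrideParameters`, so it is worth stating what the token is for and what access it needs, e.g. `# Job access token, used by Guardian to authenticate to its package feed; the build identity needs read access to that feed only.` That wording is inferred from the variable name, so adjust it to what Guardian actually does with the value. Both step definitions begin above the hunk.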
|
||||
|
|
|
@ -3,6 +3,12 @@ parameters:
|
|||
type: string
|
||||
- name: outputVariableName
|
||||
type: string
|
||||
- name: stepName
|
||||
type: string
|
||||
default: 'getFederatedAccessToken'
|
||||
- name: condition
|
||||
type: string
|
||||
default: ''
|
||||
# Resource to get a token for. Common values include:
|
||||
# - '499b84ac-1321-427f-aa17-267ca6975798' for Azure DevOps
|
||||
# - 'https://storage.azure.com/' for storage
|
||||
|
@ -10,10 +16,16 @@ parameters:
|
|||
- name: resource
|
||||
type: string
|
||||
default: '499b84ac-1321-427f-aa17-267ca6975798'
|
||||
- name: isStepOutputVariable
|
||||
type: boolean
|
||||
default: false
|
||||
|
||||
steps:
|
||||
- task: AzureCLI@2
|
||||
displayName: 'Getting federated access token for feeds'
|
||||
name: ${{ parameters.stepName }}
|
||||
${{ if ne(parameters.condition, '') }}:
|
||||
condition: ${{ parameters.condition }}
|
||||
inputs:
|
||||
azureSubscription: ${{ parameters.federatedServiceConnection }}
|
||||
scriptType: 'pscore'
|
||||
|
@ -25,4 +37,4 @@ steps:
|
|||
exit 1
|
||||
}
|
||||
Write-Host "Setting '${{ parameters.outputVariableName }}' with the access token value"
|
||||
Write-Host "##vso[task.setvariable variable=${{ parameters.outputVariableName }};issecret=true]$accessToken"
|
||||
Write-Host "##vso[task.setvariable variable=${{ parameters.outputVariableName }};issecret=true;isOutput=${{ parameters.isStepOutputVariable }}]$accessToken"
|
|
@ -1,6 +1,6 @@
|
|||
{
|
||||
"tools": {
|
||||
"dotnet": "8.0.101",
|
||||
"dotnet": "8.0.107",
|
||||
"runtimes": {
|
||||
"dotnet": [
|
||||
"$(VSRedistCommonNetCoreSharedFrameworkx6480PackageVersion)"
|
||||
|
@ -11,7 +11,7 @@
|
|||
"cmake": "3.21.0"
|
||||
},
|
||||
"msbuild-sdks": {
|
||||
"Microsoft.DotNet.Arcade.Sdk": "8.0.0-beta.24360.5",
|
||||
"Microsoft.DotNet.CMake.Sdk": "8.0.0-beta.24360.5"
|
||||
"Microsoft.DotNet.Arcade.Sdk": "8.0.0-beta.24367.1",
|
||||
"Microsoft.DotNet.CMake.Sdk": "8.0.0-beta.24367.1"
|
||||
}
|
||||
}
|
||||
|
|