Merge branch 'release/6.0.1xx' into release/6.0.3xx
This commit is contained in:
commit
fa25dc817a
7 changed files with 88 additions and 32 deletions
38
eng/common/sdl/sdl.ps1
Normal file
38
eng/common/sdl/sdl.ps1
Normal file
|
@ -0,0 +1,38 @@
|
|||
|
||||
function Install-Gdn {
|
||||
param(
|
||||
[Parameter(Mandatory=$true)]
|
||||
[string]$Path,
|
||||
|
||||
# If omitted, install the latest version of Guardian, otherwise install that specific version.
|
||||
[string]$Version
|
||||
)
|
||||
|
||||
$ErrorActionPreference = 'Stop'
|
||||
Set-StrictMode -Version 2.0
|
||||
$disableConfigureToolsetImport = $true
|
||||
$global:LASTEXITCODE = 0
|
||||
|
||||
# `tools.ps1` checks $ci to perform some actions. Since the SDL
|
||||
# scripts don't necessarily execute in the same agent that run the
|
||||
# build.ps1/sh script this variable isn't automatically set.
|
||||
$ci = $true
|
||||
. $PSScriptRoot\..\tools.ps1
|
||||
|
||||
$argumentList = @("install", "Microsoft.Guardian.Cli", "-Source https://securitytools.pkgs.visualstudio.com/_packaging/Guardian/nuget/v3/index.json", "-OutputDirectory $Path", "-NonInteractive", "-NoCache")
|
||||
|
||||
if ($Version) {
|
||||
$argumentList += "-Version $Version"
|
||||
}
|
||||
|
||||
Start-Process nuget -Verbose -ArgumentList $argumentList -NoNewWindow -Wait
|
||||
|
||||
$gdnCliPath = Get-ChildItem -Filter guardian.cmd -Recurse -Path $Path
|
||||
|
||||
if (!$gdnCliPath)
|
||||
{
|
||||
Write-PipelineTelemetryError -Category 'Sdl' -Message 'Failure installing Guardian'
|
||||
}
|
||||
|
||||
return $gdnCliPath.FullName
|
||||
}
|
|
@ -8,29 +8,28 @@ parameters:
|
|||
condition: ''
|
||||
|
||||
steps:
|
||||
- ${{ if ne(parameters.overrideGuardianVersion, '') }}:
|
||||
- powershell: |
|
||||
$content = Get-Content $(GuardianPackagesConfigFile)
|
||||
|
||||
Write-Host "packages.config content was:`n$content"
|
||||
|
||||
$content = $content.Replace('$(DefaultGuardianVersion)', '$(GuardianVersion)')
|
||||
$content | Set-Content $(GuardianPackagesConfigFile)
|
||||
|
||||
Write-Host "packages.config content updated to:`n$content"
|
||||
displayName: Use overridden Guardian version ${{ parameters.overrideGuardianVersion }}
|
||||
- task: NuGetAuthenticate@1
|
||||
inputs:
|
||||
nuGetServiceConnections: GuardianConnect
|
||||
|
||||
- task: NuGetToolInstaller@1
|
||||
displayName: 'Install NuGet.exe'
|
||||
|
||||
- task: NuGetCommand@2
|
||||
displayName: 'Install Guardian'
|
||||
inputs:
|
||||
restoreSolution: $(Build.SourcesDirectory)\eng\common\sdl\packages.config
|
||||
feedsToUse: config
|
||||
nugetConfigPath: $(Build.SourcesDirectory)\eng\common\sdl\NuGet.config
|
||||
externalFeedCredentials: GuardianConnect
|
||||
restoreDirectory: $(Build.SourcesDirectory)\.packages
|
||||
- ${{ if ne(parameters.overrideGuardianVersion, '') }}:
|
||||
- pwsh: |
|
||||
Set-Location -Path $(Build.SourcesDirectory)\eng\common\sdl
|
||||
. .\sdl.ps1
|
||||
$guardianCliLocation = Install-Gdn -Path $(Build.SourcesDirectory)\.artifacts -Version ${{ parameters.overrideGuardianVersion }}
|
||||
Write-Host "##vso[task.setvariable variable=GuardianCliLocation]$guardianCliLocation"
|
||||
displayName: Install Guardian (Overridden)
|
||||
|
||||
- ${{ if eq(parameters.overrideGuardianVersion, '') }}:
|
||||
- pwsh: |
|
||||
Set-Location -Path $(Build.SourcesDirectory)\eng\common\sdl
|
||||
. .\sdl.ps1
|
||||
$guardianCliLocation = Install-Gdn -Path $(Build.SourcesDirectory)\.artifacts
|
||||
Write-Host "##vso[task.setvariable variable=GuardianCliLocation]$guardianCliLocation"
|
||||
displayName: Install Guardian
|
||||
|
||||
- ${{ if ne(parameters.overrideParameters, '') }}:
|
||||
- powershell: ${{ parameters.executeAllSdlToolsScript }} ${{ parameters.overrideParameters }}
|
||||
|
@ -40,7 +39,7 @@ steps:
|
|||
|
||||
- ${{ if eq(parameters.overrideParameters, '') }}:
|
||||
- powershell: ${{ parameters.executeAllSdlToolsScript }}
|
||||
-GuardianPackageName Microsoft.Guardian.Cli.$(GuardianVersion)
|
||||
-GuardianCliLocation $(GuardianCliLocation)
|
||||
-NugetPackageDirectory $(Build.SourcesDirectory)\.packages
|
||||
-AzureDevOpsAccessToken $(dn-bot-dotnet-build-rw-code-rw)
|
||||
${{ parameters.additionalParameters }}
|
||||
|
@ -62,7 +61,28 @@ steps:
|
|||
c
|
||||
i
|
||||
condition: succeededOrFailed()
|
||||
|
||||
- publish: $(Agent.BuildDirectory)/.gdn
|
||||
artifact: GuardianConfiguration
|
||||
displayName: Publish GuardianConfiguration
|
||||
condition: succeededOrFailed()
|
||||
|
||||
# Publish the SARIF files in a container named CodeAnalysisLogs to enable integration
|
||||
# with the "SARIF SAST Scans Tab" Azure DevOps extension
|
||||
- task: CopyFiles@2
|
||||
displayName: Copy SARIF files
|
||||
inputs:
|
||||
flattenFolders: true
|
||||
sourceFolder: $(Agent.BuildDirectory)/.gdn/rc/
|
||||
contents: '**/*.sarif'
|
||||
targetFolder: $(Build.SourcesDirectory)/CodeAnalysisLogs
|
||||
condition: succeededOrFailed()
|
||||
|
||||
# Use PublishBuildArtifacts because the SARIF extension only checks this case
|
||||
# see microsoft/sarif-azuredevops-extension#4
|
||||
- task: PublishBuildArtifacts@1
|
||||
displayName: Publish SARIF files to CodeAnalysisLogs container
|
||||
inputs:
|
||||
pathToPublish: $(Build.SourcesDirectory)/CodeAnalysisLogs
|
||||
artifactName: CodeAnalysisLogs
|
||||
condition: succeededOrFailed()
|
|
@ -84,22 +84,19 @@ jobs:
|
|||
${{ else }}:
|
||||
${{ parameters.poolInternalAmd64 }}
|
||||
|
||||
- ${{ if eq(variables['System.TeamProject'], 'internal') }}:
|
||||
- ${{ if and(eq(variables['System.TeamProject'], 'internal'), ne(variables['Build.Reason'], 'PullRequest')) }}:
|
||||
- template: /src/SourceBuild/Arcade/eng/common/templates/job/source-build-build-tarball.yml
|
||||
parameters:
|
||||
architecture: arm64
|
||||
dependsOn: ${{ parameters.dependsOn }}
|
||||
${{ if in(variables['Build.Reason'], 'PullRequest') }}:
|
||||
excludeSdkContentTests: true
|
||||
installerBuildResourceId: ${{ parameters.installerBuildResourceId }}
|
||||
matrix:
|
||||
${{ if ne(variables['Build.Reason'], 'PullRequest') }}:
|
||||
Debian9-Offline:
|
||||
_BootstrapPrep: true
|
||||
_Container: ${{ parameters.debian9Arm64Container }}
|
||||
_EnablePoison: false
|
||||
_ExcludeOmniSharpTests: false
|
||||
_RunOnline: false
|
||||
Debian9-Offline:
|
||||
_BootstrapPrep: true
|
||||
_Container: ${{ parameters.debian9Arm64Container }}
|
||||
_EnablePoison: false
|
||||
_ExcludeOmniSharpTests: false
|
||||
_RunOnline: false
|
||||
name: Build_Tarball_arm64
|
||||
pool: ${{ parameters.poolInternalArm64 }}
|
||||
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
<Project Sdk="Microsoft.NET.Sdk">
|
||||
<PropertyGroup>
|
||||
<TargetFrameworks>net5.0</TargetFrameworks>
|
||||
<TargetFrameworks>net6.0</TargetFrameworks>
|
||||
<EnableDefaultCompileItems>false</EnableDefaultCompileItems>
|
||||
<RunAnalyzers>false</RunAnalyzers>
|
||||
<Nullable>disable</Nullable>
|
||||
|
|
|
@ -2,6 +2,6 @@
|
|||
<!-- Licensed to the .NET Foundation under one or more agreements. The .NET Foundation licenses this file to you under the MIT license. -->
|
||||
<Project>
|
||||
<PropertyGroup>
|
||||
<SourceBuildTasksAssembly>$(RepoRoot)\artifacts\bin\SourceBuild.Tasks\$(Configuration)\net5.0\SourceBuild.Tasks.dll</SourceBuildTasksAssembly>
|
||||
<SourceBuildTasksAssembly>$(RepoRoot)\artifacts\bin\SourceBuild.Tasks\$(Configuration)\net6.0\SourceBuild.Tasks.dll</SourceBuildTasksAssembly>
|
||||
</PropertyGroup>
|
||||
</Project>
|
|
@ -27,6 +27,7 @@
|
|||
|
||||
<ItemGroup>
|
||||
<UseSourceBuiltSdkOverride Include="@(ArcadeSdkOverride)" />
|
||||
<EnvironmentVariables Include="CheckEolTargetFramework=false" />
|
||||
</ItemGroup>
|
||||
|
||||
<Import Project="Sdk.targets" Sdk="Microsoft.NET.Sdk" />
|
||||
|
|
Loading…
Reference in a new issue