Merge branch 'release/6.0.1xx' into release/6.0.3xx

This commit is contained in:
Jason Zhai 2022-11-10 00:29:39 -08:00
commit fa25dc817a
7 changed files with 88 additions and 32 deletions

38
eng/common/sdl/sdl.ps1 Normal file
View file

@ -0,0 +1,38 @@
function Install-Gdn {
param(
[Parameter(Mandatory=$true)]
[string]$Path,
# If omitted, install the latest version of Guardian, otherwise install that specific version.
[string]$Version
)
$ErrorActionPreference = 'Stop'
Set-StrictMode -Version 2.0
$disableConfigureToolsetImport = $true
$global:LASTEXITCODE = 0
# `tools.ps1` checks $ci to perform some actions. Since the SDL
# scripts don't necessarily execute in the same agent that run the
# build.ps1/sh script this variable isn't automatically set.
$ci = $true
. $PSScriptRoot\..\tools.ps1
$argumentList = @("install", "Microsoft.Guardian.Cli", "-Source https://securitytools.pkgs.visualstudio.com/_packaging/Guardian/nuget/v3/index.json", "-OutputDirectory $Path", "-NonInteractive", "-NoCache")
if ($Version) {
$argumentList += "-Version $Version"
}
Start-Process nuget -Verbose -ArgumentList $argumentList -NoNewWindow -Wait
$gdnCliPath = Get-ChildItem -Filter guardian.cmd -Recurse -Path $Path
if (!$gdnCliPath)
{
Write-PipelineTelemetryError -Category 'Sdl' -Message 'Failure installing Guardian'
}
return $gdnCliPath.FullName
}

View file

@ -8,29 +8,28 @@ parameters:
condition: '' condition: ''
steps: steps:
- ${{ if ne(parameters.overrideGuardianVersion, '') }}: - task: NuGetAuthenticate@1
- powershell: | inputs:
$content = Get-Content $(GuardianPackagesConfigFile) nuGetServiceConnections: GuardianConnect
Write-Host "packages.config content was:`n$content"
$content = $content.Replace('$(DefaultGuardianVersion)', '$(GuardianVersion)')
$content | Set-Content $(GuardianPackagesConfigFile)
Write-Host "packages.config content updated to:`n$content"
displayName: Use overridden Guardian version ${{ parameters.overrideGuardianVersion }}
- task: NuGetToolInstaller@1 - task: NuGetToolInstaller@1
displayName: 'Install NuGet.exe' displayName: 'Install NuGet.exe'
- task: NuGetCommand@2 - ${{ if ne(parameters.overrideGuardianVersion, '') }}:
displayName: 'Install Guardian' - pwsh: |
inputs: Set-Location -Path $(Build.SourcesDirectory)\eng\common\sdl
restoreSolution: $(Build.SourcesDirectory)\eng\common\sdl\packages.config . .\sdl.ps1
feedsToUse: config $guardianCliLocation = Install-Gdn -Path $(Build.SourcesDirectory)\.artifacts -Version ${{ parameters.overrideGuardianVersion }}
nugetConfigPath: $(Build.SourcesDirectory)\eng\common\sdl\NuGet.config Write-Host "##vso[task.setvariable variable=GuardianCliLocation]$guardianCliLocation"
externalFeedCredentials: GuardianConnect displayName: Install Guardian (Overridden)
restoreDirectory: $(Build.SourcesDirectory)\.packages
- ${{ if eq(parameters.overrideGuardianVersion, '') }}:
- pwsh: |
Set-Location -Path $(Build.SourcesDirectory)\eng\common\sdl
. .\sdl.ps1
$guardianCliLocation = Install-Gdn -Path $(Build.SourcesDirectory)\.artifacts
Write-Host "##vso[task.setvariable variable=GuardianCliLocation]$guardianCliLocation"
displayName: Install Guardian
- ${{ if ne(parameters.overrideParameters, '') }}: - ${{ if ne(parameters.overrideParameters, '') }}:
- powershell: ${{ parameters.executeAllSdlToolsScript }} ${{ parameters.overrideParameters }} - powershell: ${{ parameters.executeAllSdlToolsScript }} ${{ parameters.overrideParameters }}
@ -40,7 +39,7 @@ steps:
- ${{ if eq(parameters.overrideParameters, '') }}: - ${{ if eq(parameters.overrideParameters, '') }}:
- powershell: ${{ parameters.executeAllSdlToolsScript }} - powershell: ${{ parameters.executeAllSdlToolsScript }}
-GuardianPackageName Microsoft.Guardian.Cli.$(GuardianVersion) -GuardianCliLocation $(GuardianCliLocation)
-NugetPackageDirectory $(Build.SourcesDirectory)\.packages -NugetPackageDirectory $(Build.SourcesDirectory)\.packages
-AzureDevOpsAccessToken $(dn-bot-dotnet-build-rw-code-rw) -AzureDevOpsAccessToken $(dn-bot-dotnet-build-rw-code-rw)
${{ parameters.additionalParameters }} ${{ parameters.additionalParameters }}
@ -62,7 +61,28 @@ steps:
c c
i i
condition: succeededOrFailed() condition: succeededOrFailed()
- publish: $(Agent.BuildDirectory)/.gdn - publish: $(Agent.BuildDirectory)/.gdn
artifact: GuardianConfiguration artifact: GuardianConfiguration
displayName: Publish GuardianConfiguration displayName: Publish GuardianConfiguration
condition: succeededOrFailed() condition: succeededOrFailed()
# Publish the SARIF files in a container named CodeAnalysisLogs to enable integration
# with the "SARIF SAST Scans Tab" Azure DevOps extension
- task: CopyFiles@2
displayName: Copy SARIF files
inputs:
flattenFolders: true
sourceFolder: $(Agent.BuildDirectory)/.gdn/rc/
contents: '**/*.sarif'
targetFolder: $(Build.SourcesDirectory)/CodeAnalysisLogs
condition: succeededOrFailed()
# Use PublishBuildArtifacts because the SARIF extension only checks this case
# see microsoft/sarif-azuredevops-extension#4
- task: PublishBuildArtifacts@1
displayName: Publish SARIF files to CodeAnalysisLogs container
inputs:
pathToPublish: $(Build.SourcesDirectory)/CodeAnalysisLogs
artifactName: CodeAnalysisLogs
condition: succeededOrFailed()

View file

@ -84,22 +84,19 @@ jobs:
${{ else }}: ${{ else }}:
${{ parameters.poolInternalAmd64 }} ${{ parameters.poolInternalAmd64 }}
- ${{ if eq(variables['System.TeamProject'], 'internal') }}: - ${{ if and(eq(variables['System.TeamProject'], 'internal'), ne(variables['Build.Reason'], 'PullRequest')) }}:
- template: /src/SourceBuild/Arcade/eng/common/templates/job/source-build-build-tarball.yml - template: /src/SourceBuild/Arcade/eng/common/templates/job/source-build-build-tarball.yml
parameters: parameters:
architecture: arm64 architecture: arm64
dependsOn: ${{ parameters.dependsOn }} dependsOn: ${{ parameters.dependsOn }}
${{ if in(variables['Build.Reason'], 'PullRequest') }}:
excludeSdkContentTests: true
installerBuildResourceId: ${{ parameters.installerBuildResourceId }} installerBuildResourceId: ${{ parameters.installerBuildResourceId }}
matrix: matrix:
${{ if ne(variables['Build.Reason'], 'PullRequest') }}: Debian9-Offline:
Debian9-Offline: _BootstrapPrep: true
_BootstrapPrep: true _Container: ${{ parameters.debian9Arm64Container }}
_Container: ${{ parameters.debian9Arm64Container }} _EnablePoison: false
_EnablePoison: false _ExcludeOmniSharpTests: false
_ExcludeOmniSharpTests: false _RunOnline: false
_RunOnline: false
name: Build_Tarball_arm64 name: Build_Tarball_arm64
pool: ${{ parameters.poolInternalArm64 }} pool: ${{ parameters.poolInternalArm64 }}

View file

@ -1,6 +1,6 @@
<Project Sdk="Microsoft.NET.Sdk"> <Project Sdk="Microsoft.NET.Sdk">
<PropertyGroup> <PropertyGroup>
<TargetFrameworks>net5.0</TargetFrameworks> <TargetFrameworks>net6.0</TargetFrameworks>
<EnableDefaultCompileItems>false</EnableDefaultCompileItems> <EnableDefaultCompileItems>false</EnableDefaultCompileItems>
<RunAnalyzers>false</RunAnalyzers> <RunAnalyzers>false</RunAnalyzers>
<Nullable>disable</Nullable> <Nullable>disable</Nullable>

View file

@ -2,6 +2,6 @@
<!-- Licensed to the .NET Foundation under one or more agreements. The .NET Foundation licenses this file to you under the MIT license. --> <!-- Licensed to the .NET Foundation under one or more agreements. The .NET Foundation licenses this file to you under the MIT license. -->
<Project> <Project>
<PropertyGroup> <PropertyGroup>
<SourceBuildTasksAssembly>$(RepoRoot)\artifacts\bin\SourceBuild.Tasks\$(Configuration)\net5.0\SourceBuild.Tasks.dll</SourceBuildTasksAssembly> <SourceBuildTasksAssembly>$(RepoRoot)\artifacts\bin\SourceBuild.Tasks\$(Configuration)\net6.0\SourceBuild.Tasks.dll</SourceBuildTasksAssembly>
</PropertyGroup> </PropertyGroup>
</Project> </Project>

View file

@ -27,6 +27,7 @@
<ItemGroup> <ItemGroup>
<UseSourceBuiltSdkOverride Include="@(ArcadeSdkOverride)" /> <UseSourceBuiltSdkOverride Include="@(ArcadeSdkOverride)" />
<EnvironmentVariables Include="CheckEolTargetFramework=false" />
</ItemGroup> </ItemGroup>
<Import Project="Sdk.targets" Sdk="Microsoft.NET.Sdk" /> <Import Project="Sdk.targets" Sdk="Microsoft.NET.Sdk" />