@@ -8,101 +8,96 @@ resources:
88 trigger :
99 branches :
1010 - dev
11+ repositories :
12+ - repository : MicroBuildTemplate
13+ type : git
14+ name : 1ESPipelineTemplates/MicroBuildTemplate
15+ ref : refs/tags/release
1116
12- jobs :
13- - job : Static_Analysis
14- displayName : " Static Analysis"
15- timeoutInMinutes : 180
16- pool :
17- name : VSEngSS-MicroBuild2022-1ES
18-
19- steps :
20- - task : CredScan@2
21- inputs :
22- toolMajorVersion : " V2"
17+ variables :
18+ - group : NuGet.Client Build Variables
2319
24- - task : PoliCheck@1
25- inputs :
26- inputType : " Basic"
27- targetType : " F"
28- targetArgument : " $(Build.SourcesDirectory)"
29- result : " PoliCheck.xml"
20+ extends :
21+ template : azure-pipelines/MicroBuild.1ES.Unofficial.yml@MicroBuildTemplate
22+ parameters :
23+ sdl :
24+ sourceAnalysisPool : VSEngSS-MicroBuild2022-1ES
25+ binskim :
26+ enabled : true
27+ scanOutputDirectoryOnly : true
28+ policheck :
29+ enabled : true
30+ suppression :
31+ suppressionFile : $(Build.SourcesDirectory)\.gdn\.gdnsuppress
32+ tsa :
33+ enabled : true
34+ config :
35+ codebaseName : " NuGet.Client_Trusted_dev"
36+ instanceUrl : https://dev.azure.com/devdiv/
37+ projectName : DevDiv
38+ areaPath : " DevDiv\\ NuGet\\ NuGet Clients"
39+ notificationAliases : $(TsaNotificationAliases)
40+ pool :
41+ name : AzurePipelines-EO
42+ image : VSEngSS-MicroBuild2022-1ES
43+ os : windows
44+ stages :
45+ - stage : compliance
46+ displayName : " Run Compliance Tasks"
47+ jobs :
48+ - job : Static_Analysis
49+ displayName : " Static Analysis"
50+ timeoutInMinutes : 180
51+ pool :
52+ name : VSEngSS-MicroBuild2022-1ES
53+ templateContext :
54+ inputs :
55+ - input : pipelineArtifact
56+ pipeline : nugetclientofficial
57+ artifactName : symbols - NonRTM
58+ targetPath : $(Pipeline.Workspace)\symbols\NonRTM
3059
31- - task : DownloadPipelineArtifact@2
32- displayName : " Download symbols - NonRTM artifact"
33- inputs :
34- source : specific
35- project : " devdiv"
36- pipeline : NuGet.Client-Official
37- artifact : " symbols - NonRTM"
38- path : $(Pipeline.Workspace)\symbols\NonRTM
60+ steps :
61+ - pwsh : " Get-ChildItem Env: | Sort-Object Name | Format-Table -Wrap -AutoSize"
62+ displayName : ' Print Environment Variables'
3963
40- # # Run latest version of APIScan listed at https://www.1eswiki.com/wiki/APIScan_Build_Task
41- - task : APIScan@2
42- displayName : Run APIScan
43- inputs :
44- softwareFolder : $(Pipeline.Workspace)\symbols
45- softwareName : " NuGet.Client "
46- softwareVersionNum : " $(Build.BuildId) "
47- isLargeApp : true
48- toolVersion : " Latest "
49- azureSubscription : ' VSEng-APIScanSC '
50- env :
51- AzureServicesAuthConnectionString : RunAs=App;AppId=d318cba7-db4d-4fb3-99e1-01879cb74e91;TenantId=72f988bf-86f1-41af-91ab-2d7cd011db47;ServiceConnectionId=93e24264-c5e6-4681-8175-ec8a41668480;
52- SYSTEM_ACCESSTOKEN : $(System.AccessToken)
64+ - task : APIScan@2
65+ displayName : Run APIScan
66+ inputs :
67+ softwareFolder : $(Pipeline.Workspace)\symbols
68+ softwareName : " NuGet.Client "
69+ softwareVersionNum : " $(Resources.Pipeline.nugetclientofficial.RunName) "
70+ isLargeApp : false
71+ toolVersion : " Latest "
72+ azureSubscription : ' VSEng-APIScanSC '
73+ preserveLogsFolder : true
74+ env :
75+ AzureServicesAuthConnectionString : RunAs=App;AppId=d318cba7-db4d-4fb3-99e1-01879cb74e91;TenantId=72f988bf-86f1-41af-91ab-2d7cd011db47;ServiceConnectionId=93e24264-c5e6-4681-8175-ec8a41668480;
76+ SYSTEM_ACCESSTOKEN : $(System.AccessToken)
5377
54- - task : SdtReport@1
55- displayName : " Generate Analysis Report"
56- inputs :
57- CredScan : true
58- PoliCheck : true
59- APIScan : true
60- ToolLogsNotFoundAction : " Standard"
78+ - pwsh : |
79+ $tsaOptionsPath = Join-Path $env:AGENT_TEMPDIRECTORY 'TSAOptions.json'
80+ Write-Host "TsaNotificationAliases: $env:TSA_NOTIFICATION_ALIASES"
81+ $notificationAliases = @($env:TSA_NOTIFICATION_ALIASES | ConvertFrom-Json)
82+ $tsaOptions = [ordered]@{
83+ tsaVersion = 'TsaV2'
84+ codebaseName = 'NuGet.Client_Trusted_dev'
85+ instanceUrl = 'https://dev.azure.com/devdiv/'
86+ projectName = 'DevDiv'
87+ areaPath = 'DevDiv\\NuGet\\NuGet Clients'
88+ notificationAliases = $notificationAliases
89+ }
6190
62- - task : TSAUpload@1
63- displayName : " Upload to TSA"
64- inputs :
65- tsaVersion : " TsaV2"
66- codebase : " $(TsaCodebase)"
67- tsaEnvironment : " PROD"
68- codeBaseName : " $(TsaCodebaseName)"
69- notificationAlias : " $(TsaNotificationEmail)"
70- codeBaseAdmins : " $(TsaCodebaseAdmins)"
71- instanceUrlForTsaV2 : " $(TsaInstanceUrl)"
72- projectNameDEVDIV : " $(TsaProjectName)"
73- areaPath : " $(TsaBugAreaPath)"
74- iterationPath : " $(TsaIterationPath)"
75- uploadAPIScan : false
76- uploadBinSkim : false
77- uploadCredScan : true
78- uploadFortifySCA : false
79- uploadFxCop : false
80- uploadModernCop : false
81- uploadPoliCheck : true
82- uploadPREfast : false
83- uploadRoslyn : false
84- uploadTSLint : false
85- uploadAsync : true
91+ $json = $tsaOptions | ConvertTo-Json -Depth 5
92+ Write-Host $json
93+ Write-Host "Writing TSA options to $tsaOptionsPath"
94+ $json| Out-File -FilePath $tsaOptionsPath -Encoding utf8 -Force
95+ displayName: Write TSAOptions.json
96+ env:
97+ TSA_NOTIFICATION_ALIASES: $(TsaNotificationAliases)
8698
87- - task : PublishSecurityAnalysisLogs@2
88- displayName : " Publish CodeAnalysis Logs"
89- inputs :
90- ArtifactName : " CodeAnalysisLogs"
91- ArtifactType : " Container"
92- AllTools : false
93- AntiMalware : false
94- APIScan : true
95- BinSkim : false
96- CodesignValidation : false
97- CredScan : true
98- FortifySCA : false
99- FxCop : false
100- ModernCop : false
101- MSRD : false
102- PoliCheck : true
103- RoslynAnalyzers : false
104- SDLNativeRules : false
105- Semmle : false
106- TSLint : false
107- WebScout : false
108- ToolLogsNotFoundAction : " Standard"
99+ task : TSAUpload@2
100+ displayName : TSA upload
101+ inputs :
102+ GdnPublishTsaOnboard : True
103+ GdnPublishTsaConfigFile : $(Agent.TempDirectory)\TSAOptions.json
0 commit comments