Update dependencies from https://github.com/dotnet/arcade build 20190…
…604.1 (#539) - Microsoft.DotNet.Arcade.Sdk - 1.0.0-beta.19304.1 - Microsoft.DotNet.Helix.Sdk - 2.0.0-beta.19304.1
1 parent
b12a5b2
commit 2e05afc
Showing
8 changed files
with
284 additions
and
6 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,13 @@ | ||
<?xml version="1.0" encoding="utf-8"?> | ||
<configuration> | ||
<solution> | ||
<add key="disableSourceControlIntegration" value="true" /> | ||
</solution> | ||
<packageSources> | ||
<clear /> | ||
<add key="guardian" value="https://securitytools.pkgs.visualstudio.com/_packaging/Guardian/nuget/v3/index.json" /> | ||
</packageSources> | ||
<disabledPackageSources> | ||
<clear /> | ||
</disabledPackageSources> | ||
</configuration> |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,97 @@ | ||
Param( | ||
[string] $GuardianPackageName, # Required: the name of guardian CLI pacakge (not needed if GuardianCliLocation is specified) | ||
[string] $NugetPackageDirectory, # Required: directory where NuGet packages are installed (not needed if GuardianCliLocation is specified) | ||
[string] $GuardianCliLocation, # Optional: Direct location of Guardian CLI executable if GuardianPackageName & NugetPackageDirectory are not specified | ||
[string] $Repository, # Required: the name of the repository (e.g. dotnet/arcade) | ||
[string] $BranchName="master", # Optional: name of branch or version of gdn settings; defaults to master | ||
[string] $SourceDirectory, # Required: the directory where source files are located | ||
[string] $ArtifactsDirectory, # Required: the directory where build artifacts are located | ||
[string] $DncEngAccessToken, # Required: access token for dnceng; should be provided via KeyVault | ||
[string[]] $SourceToolsList, # Optional: list of SDL tools to run on source code | ||
[string[]] $ArtifactToolsList, # Optional: list of SDL tools to run on built artifacts | ||
[bool] $TsaPublish=$False, # Optional: true will publish results to TSA; only set to true after onboarding to TSA; TSA is the automated framework used to upload test results as bugs. | ||
[string] $TsaBranchName=$env:BUILD_SOURCEBRANCHNAME, # Optional: required for TSA publish; defaults to $(Build.SourceBranchName); TSA is the automated framework used to upload test results as bugs. | ||
[string] $TsaRepositoryName, # Optional: TSA repository name; will be generated automatically if not submitted; TSA is the automated framework used to upload test results as bugs. | ||
[string] $BuildNumber=$env:BUILD_BUILDNUMBER, # Optional: required for TSA publish; defaults to $(Build.BuildNumber) | ||
[bool] $UpdateBaseline=$False, # Optional: if true, will update the baseline in the repository; should only be run after fixing any issues which need to be fixed | ||
[bool] $TsaOnboard=$False, # Optional: if true, will onboard the repository to TSA; should only be run once; TSA is the automated framework used to upload test results as bugs. | ||
[string] $TsaInstanceUrl, # Optional: only needed if TsaOnboard or TsaPublish is true; the instance-url registered with TSA; TSA is the automated framework used to upload test results as bugs. | ||
[string] $TsaCodebaseName, # Optional: only needed if TsaOnboard or TsaPublish is true; the name of the codebase registered with TSA; TSA is the automated framework used to upload test results as bugs. | ||
[string] $TsaProjectName, # Optional: only needed if TsaOnboard or TsaPublish is true; the name of the project registered with TSA; TSA is the automated framework used to upload test results as bugs. | ||
[string] $TsaNotificationEmail, # Optional: only needed if TsaOnboard is true; the email(s) which will receive notifications of TSA bug filings (e.g. alias@microsoft.com); TSA is the automated framework used to upload test results as bugs. | ||
[string] $TsaCodebaseAdmin, # Optional: only needed if TsaOnboard is true; the aliases which are admins of the TSA codebase (e.g. DOMAIN\alias); TSA is the automated framework used to upload test results as bugs. | ||
[string] $TsaBugAreaPath, # Optional: only needed if TsaOnboard is true; the area path where TSA will file bugs in AzDO; TSA is the automated framework used to upload test results as bugs. | ||
[string] $TsaIterationPath, # Optional: only needed if TsaOnboard is true; the iteration path where TSA will file bugs in AzDO; TSA is the automated framework used to upload test results as bugs. | ||
[string] $GuardianLoggerLevel="Standard" # Optional: the logger level for the Guardian CLI; options are Trace, Verbose, Standard, Warning, and Error | ||
) | ||
|
||
$ErrorActionPreference = "Stop" | ||
Set-StrictMode -Version 2.0 | ||
$LASTEXITCODE = 0 | ||
|
||
#Replace repo names to the format of org/repo | ||
if (!($Repository.contains('/'))) { | ||
$RepoName = $Repository -replace '(.*?)-(.*)', '$1/$2'; | ||
} | ||
else{ | ||
$RepoName = $Repository; | ||
} | ||
|
||
if ($GuardianPackageName) { | ||
$guardianCliLocation = Join-Path $NugetPackageDirectory (Join-Path $GuardianPackageName (Join-Path "tools" "guardian.cmd")) | ||
} else { | ||
$guardianCliLocation = $GuardianCliLocation | ||
} | ||
|
||
$ValidPath = Test-Path $guardianCliLocation | ||
|
||
if ($ValidPath -eq $False) | ||
{ | ||
Write-Host "Invalid Guardian CLI Location." | ||
exit 1 | ||
} | ||
|
||
& $(Join-Path $PSScriptRoot "init-sdl.ps1") -GuardianCliLocation $guardianCliLocation -Repository $RepoName -BranchName $BranchName -WorkingDirectory $ArtifactsDirectory -DncEngAccessToken $DncEngAccessToken -GuardianLoggerLevel $GuardianLoggerLevel | ||
$gdnFolder = Join-Path $ArtifactsDirectory ".gdn" | ||
|
||
if ($TsaOnboard) { | ||
if ($TsaCodebaseName -and $TsaNotificationEmail -and $TsaCodebaseAdmin -and $TsaBugAreaPath) { | ||
Write-Host "$guardianCliLocation tsa-onboard --codebase-name `"$TsaCodebaseName`" --notification-alias `"$TsaNotificationEmail`" --codebase-admin `"$TsaCodebaseAdmin`" --instance-url `"$TsaInstanceUrl`" --project-name `"$TsaProjectName`" --area-path `"$TsaBugAreaPath`" --iteration-path `"$TsaIterationPath`" --working-directory $ArtifactsDirectory --logger-level $GuardianLoggerLevel" | ||
& $guardianCliLocation tsa-onboard --codebase-name "$TsaCodebaseName" --notification-alias "$TsaNotificationEmail" --codebase-admin "$TsaCodebaseAdmin" --instance-url "$TsaInstanceUrl" --project-name "$TsaProjectName" --area-path "$TsaBugAreaPath" --iteration-path "$TsaIterationPath" --working-directory $ArtifactsDirectory --logger-level $GuardianLoggerLevel | ||
if ($LASTEXITCODE -ne 0) { | ||
Write-Host "Guardian tsa-onboard failed with exit code $LASTEXITCODE." | ||
exit $LASTEXITCODE | ||
} | ||
} else { | ||
Write-Host "Could not onboard to TSA -- not all required values ($$TsaCodebaseName, $$TsaNotificationEmail, $$TsaCodebaseAdmin, $$TsaBugAreaPath) were specified." | ||
exit 1 | ||
} | ||
} | ||
|
||
if ($ArtifactToolsList -and $ArtifactToolsList.Count -gt 0) { | ||
& $(Join-Path $PSScriptRoot "run-sdl.ps1") -GuardianCliLocation $guardianCliLocation -WorkingDirectory $ArtifactsDirectory -TargetDirectory $ArtifactsDirectory -GdnFolder $gdnFolder -ToolsList $ArtifactToolsList -DncEngAccessToken $DncEngAccessToken -UpdateBaseline $UpdateBaseline -GuardianLoggerLevel $GuardianLoggerLevel | ||
} | ||
if ($SourceToolsList -and $SourceToolsList.Count -gt 0) { | ||
& $(Join-Path $PSScriptRoot "run-sdl.ps1") -GuardianCliLocation $guardianCliLocation -WorkingDirectory $ArtifactsDirectory -TargetDirectory $SourceDirectory -GdnFolder $gdnFolder -ToolsList $SourceToolsList -DncEngAccessToken $DncEngAccessToken -UpdateBaseline $UpdateBaseline -GuardianLoggerLevel $GuardianLoggerLevel | ||
} | ||
|
||
if ($UpdateBaseline) { | ||
& (Join-Path $PSScriptRoot "push-gdn.ps1") -Repository $RepoName -BranchName $BranchName -GdnFolder $GdnFolder -DncEngAccessToken $DncEngAccessToken -PushReason "Update baseline" | ||
} | ||
|
||
if ($TsaPublish) { | ||
if ($TsaBranchName -and $BuildNumber) { | ||
if (-not $TsaRepositoryName) { | ||
$TsaRepositoryName = "$($Repository)-$($BranchName)" | ||
} | ||
Write-Host "$guardianCliLocation tsa-publish --all-tools --repository-name `"$TsaRepositoryName`" --branch-name `"$TsaBranchName`" --build-number `"$BuildNumber`" --codebase-name `"$TsaCodebaseName`" --notification-alias `"$TsaNotificationEmail`" --codebase-admin `"$TsaCodebaseAdmin`" --instance-url `"$TsaInstanceUrl`" --project-name `"$TsaProjectName`" --area-path `"$TsaBugAreaPath`" --iteration-path `"$TsaIterationPath`" --working-directory $SourceDirectory --logger-level $GuardianLoggerLevel" | ||
& $guardianCliLocation tsa-publish --all-tools --repository-name "$TsaRepositoryName" --branch-name "$TsaBranchName" --build-number "$BuildNumber" --codebase-name "$TsaCodebaseName" --notification-alias "$TsaNotificationEmail" --codebase-admin "$TsaCodebaseAdmin" --instance-url "$TsaInstanceUrl" --project-name "$TsaProjectName" --area-path "$TsaBugAreaPath" --iteration-path "$TsaIterationPath" --working-directory $ArtifactsDirectory --logger-level $GuardianLoggerLevel | ||
if ($LASTEXITCODE -ne 0) { | ||
Write-Host "Guardian tsa-publish failed with exit code $LASTEXITCODE." | ||
exit $LASTEXITCODE | ||
} | ||
} else { | ||
Write-Host "Could not publish to TSA -- not all required values ($$TsaBranchName, $$BuildNumber) were specified." | ||
exit 1 | ||
} | ||
} |
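Review bot: Both `run-sdl.ps1` invocations pass `-DncEngAccessToken $DncEngAccessToken`, but the script elsewhere in this commit that takes `-ToolsList` and `-TargetDirectory` declares no such parameter, so the secret is presumably just collected into `$args` there. Dropping the argument from those two calls keeps the token confined to the scripts that actually authenticate (`init-sdl.ps1` and `push-gdn.ps1`). Separately, the `tsa-publish` echo prints `--working-directory $SourceDirectory` while the command that runs uses `--working-directory $ArtifactsDirectory`, so the log will not match what was executed.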
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,48 @@ | ||
Param( | ||
[string] $GuardianCliLocation, | ||
[string] $Repository, | ||
[string] $BranchName="master", | ||
[string] $WorkingDirectory, | ||
[string] $DncEngAccessToken, | ||
[string] $GuardianLoggerLevel="Standard" | ||
) | ||
|
||
$ErrorActionPreference = "Stop" | ||
Set-StrictMode -Version 2.0 | ||
$LASTEXITCODE = 0 | ||
|
||
# Construct basic auth from AzDO access token; construct URI to the repository's gdn folder stored in that repository; construct location of zip file | ||
$encodedPat = [Convert]::ToBase64String([System.Text.Encoding]::ASCII.GetBytes(":$DncEngAccessToken")) | ||
$escapedRepository = [Uri]::EscapeDataString("/$Repository/$BranchName/.gdn") | ||
$uri = "https://dev.azure.com/dnceng/internal/_apis/git/repositories/sdl-tool-cfg/Items?path=$escapedRepository&versionDescriptor[versionOptions]=0&`$format=zip&api-version=5.0-preview.1" | ||
$zipFile = "$WorkingDirectory/gdn.zip" | ||
|
||
Add-Type -AssemblyName System.IO.Compression.FileSystem | ||
$gdnFolder = (Join-Path $WorkingDirectory ".gdn") | ||
Try | ||
{ | ||
# We try to download the zip; if the request fails (e.g. the file doesn't exist), we catch it and init guardian instead | ||
Write-Host "Downloading gdn folder from internal config repostiory..." | ||
Invoke-WebRequest -Headers @{ "Accept"="application/zip"; "Authorization"="Basic $encodedPat" } -Uri $uri -OutFile $zipFile | ||
if (Test-Path $gdnFolder) { | ||
# Remove the gdn folder if it exists (it shouldn't unless there's too much caching; this is just in case) | ||
Remove-Item -Force -Recurse $gdnFolder | ||
} | ||
[System.IO.Compression.ZipFile]::ExtractToDirectory($zipFile, $WorkingDirectory) | ||
Write-Host $gdnFolder | ||
} Catch [System.Net.WebException] { | ||
# if the folder does not exist, we'll do a guardian init and push it to the remote repository | ||
Write-Host "Initializing Guardian..." | ||
Write-Host "$GuardianCliLocation init --working-directory $WorkingDirectory --logger-level $GuardianLoggerLevel" | ||
& $GuardianCliLocation init --working-directory $WorkingDirectory --logger-level $GuardianLoggerLevel | ||
if ($LASTEXITCODE -ne 0) { | ||
Write-Error "Guardian init failed with exit code $LASTEXITCODE." | ||
} | ||
# We create the mainbaseline so it can be edited later | ||
Write-Host "$GuardianCliLocation baseline --working-directory $WorkingDirectory --name mainbaseline" | ||
& $GuardianCliLocation baseline --working-directory $WorkingDirectory --name mainbaseline | ||
if ($LASTEXITCODE -ne 0) { | ||
Write-Error "Guardian baseline failed with exit code $LASTEXITCODE." | ||
} | ||
& $(Join-Path $PSScriptRoot "push-gdn.ps1") -Repository $Repository -BranchName $BranchName -GdnFolder $gdnFolder -DncEngAccessToken $DncEngAccessToken -PushReason "Initialize gdn folder" | ||
} |
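Review bot: The `Catch [System.Net.WebException]` branch treats every request failure as "the .gdn folder does not exist", so a timeout, a 401 from an expired token or a 5xx response would also run `guardian init`, create a new `mainbaseline` and call `push-gdn.ps1` with "Initialize gdn folder". That could overwrite a repository's existing configuration and baseline in the config repo with freshly initialised ones. I would re-throw unless the response is a 404, for example `if (-not $_.Exception.Response -or $_.Exception.Response.StatusCode -ne [System.Net.HttpStatusCode]::NotFound) { throw }` as the first statement of the catch block. The downloaded `gdn.zip` is also left in `$WorkingDirectory` after extraction; a `Remove-Item $zipFile` after `ExtractToDirectory` would keep it out of anything published from that directory.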
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,4 @@ | ||
<?xml version="1.0" encoding="utf-8"?> | ||
<packages> | ||
<package id="Microsoft.Guardian.Cli" version="0.3.2"/> | ||
</packages> |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,51 @@ | ||
Param( | ||
[string] $Repository, | ||
[string] $BranchName="master", | ||
[string] $GdnFolder, | ||
[string] $DncEngAccessToken, | ||
[string] $PushReason | ||
) | ||
|
||
$ErrorActionPreference = "Stop" | ||
Set-StrictMode -Version 2.0 | ||
$LASTEXITCODE = 0 | ||
|
||
# We create the temp directory where we'll store the sdl-config repository | ||
$sdlDir = Join-Path $env:TEMP "sdl" | ||
if (Test-Path $sdlDir) { | ||
Remove-Item -Force -Recurse $sdlDir | ||
} | ||
|
||
Write-Host "git clone https://dnceng:`$DncEngAccessToken@dev.azure.com/dnceng/internal/_git/sdl-tool-cfg $sdlDir" | ||
git clone https://dnceng:$DncEngAccessToken@dev.azure.com/dnceng/internal/_git/sdl-tool-cfg $sdlDir | ||
if ($LASTEXITCODE -ne 0) { | ||
Write-Error "Git clone failed with exit code $LASTEXITCODE." | ||
} | ||
# We copy the .gdn folder from our local run into the git repository so it can be committed | ||
$sdlRepositoryFolder = Join-Path (Join-Path (Join-Path $sdlDir $Repository) $BranchName) ".gdn" | ||
if (Get-Command Robocopy) { | ||
Robocopy /S $GdnFolder $sdlRepositoryFolder | ||
} else { | ||
rsync -r $GdnFolder $sdlRepositoryFolder | ||
} | ||
# cd to the sdl-config directory so we can run git there | ||
Push-Location $sdlDir | ||
# git add . --> git commit --> git push | ||
Write-Host "git add ." | ||
git add . | ||
if ($LASTEXITCODE -ne 0) { | ||
Write-Error "Git add failed with exit code $LASTEXITCODE." | ||
} | ||
Write-Host "git -c user.email=`"dn-bot@microsoft.com`" -c user.name=`"Dotnet Bot`" commit -m `"$PushReason for $Repository/$BranchName`"" | ||
git -c user.email="dn-bot@microsoft.com" -c user.name="Dotnet Bot" commit -m "$PushReason for $Repository/$BranchName" | ||
if ($LASTEXITCODE -ne 0) { | ||
Write-Error "Git commit failed with exit code $LASTEXITCODE." | ||
} | ||
Write-Host "git push" | ||
git push | ||
if ($LASTEXITCODE -ne 0) { | ||
Write-Error "Git push failed with exit code $LASTEXITCODE." | ||
} | ||
|
||
# Return to the original directory | ||
Pop-Location |
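Review bot: The `git clone https://dnceng:$DncEngAccessToken@dev.azure.com/...` call embeds the access token in the remote URL, which git stores as the origin URL in the clone's `.git/config` under `$env:TEMP\sdl`; that directory is only deleted at the start of the next run, so the token stays on the agent's disk after the script finishes. The `Write-Host` before it masks the token correctly, but the clone itself does not. One option is to keep the URL credential-free and supply the header per invocation, e.g. `git -c http.extraheader="AUTHORIZATION: Basic $encodedPat" clone https://dev.azure.com/dnceng/internal/_git/sdl-tool-cfg $sdlDir` and the same `-c` on `git push`, with `$encodedPat` built as in the download script. I would also wrap the work after `Push-Location` in `try { ... } finally { Pop-Location; Remove-Item -Force -Recurse $sdlDir }` so the clone is removed and the location restored even when a `Write-Error` terminates the script.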
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,65 @@ | ||
Param( | ||
[string] $GuardianCliLocation, | ||
[string] $WorkingDirectory, | ||
[string] $TargetDirectory, | ||
[string] $GdnFolder, | ||
[string[]] $ToolsList, | ||
[string] $UpdateBaseline, | ||
[string] $GuardianLoggerLevel="Standard" | ||
) | ||
|
||
$ErrorActionPreference = "Stop" | ||
Set-StrictMode -Version 2.0 | ||
$LASTEXITCODE = 0 | ||
|
||
# We store config files in the r directory of .gdn | ||
Write-Host $ToolsList | ||
$gdnConfigPath = Join-Path $GdnFolder "r" | ||
$ValidPath = Test-Path $GuardianCliLocation | ||
|
||
if ($ValidPath -eq $False) | ||
{ | ||
Write-Host "Invalid Guardian CLI Location." | ||
exit 1 | ||
} | ||
|
||
foreach ($tool in $ToolsList) { | ||
$gdnConfigFile = Join-Path $gdnConfigPath "$tool-configure.gdnconfig" | ||
$config = $False | ||
Write-Host $tool | ||
# We have to manually configure tools that run on source to look at the source directory only | ||
if ($tool -eq "credscan") { | ||
Write-Host "$GuardianCliLocation configure --working-directory $WorkingDirectory --tool $tool --output-path $gdnConfigFile --logger-level $GuardianLoggerLevel --noninteractive --force --args `" TargetDirectory : $TargetDirectory `"" | ||
& $GuardianCliLocation configure --working-directory $WorkingDirectory --tool $tool --output-path $gdnConfigFile --logger-level $GuardianLoggerLevel --noninteractive --force --args " TargetDirectory : $TargetDirectory " | ||
if ($LASTEXITCODE -ne 0) { | ||
Write-Host "Guardian configure for $tool failed with exit code $LASTEXITCODE." | ||
exit $LASTEXITCODE | ||
} | ||
$config = $True | ||
} | ||
if ($tool -eq "policheck") { | ||
Write-Host "$GuardianCliLocation configure --working-directory $WorkingDirectory --tool $tool --output-path $gdnConfigFile --logger-level $GuardianLoggerLevel --noninteractive --force --args `" Target : $TargetDirectory `"" | ||
& $GuardianCliLocation configure --working-directory $WorkingDirectory --tool $tool --output-path $gdnConfigFile --logger-level $GuardianLoggerLevel --noninteractive --force --args " Target : $TargetDirectory " | ||
if ($LASTEXITCODE -ne 0) { | ||
Write-Host "Guardian configure for $tool failed with exit code $LASTEXITCODE." | ||
exit $LASTEXITCODE | ||
} | ||
$config = $True | ||
} | ||
|
||
Write-Host "$GuardianCliLocation run --working-directory $WorkingDirectory --tool $tool --baseline mainbaseline --update-baseline $UpdateBaseline --logger-level $GuardianLoggerLevel --config $gdnConfigFile $config" | ||
if ($config) { | ||
& $GuardianCliLocation run --working-directory $WorkingDirectory --tool $tool --baseline mainbaseline --update-baseline $UpdateBaseline --logger-level $GuardianLoggerLevel --config $gdnConfigFile | ||
if ($LASTEXITCODE -ne 0) { | ||
Write-Host "Guardian run for $tool using $gdnConfigFile failed with exit code $LASTEXITCODE." | ||
exit $LASTEXITCODE | ||
} | ||
} else { | ||
& $GuardianCliLocation run --working-directory $WorkingDirectory --tool $tool --baseline mainbaseline --update-baseline $UpdateBaseline --logger-level $GuardianLoggerLevel | ||
if ($LASTEXITCODE -ne 0) { | ||
Write-Host "Guardian run for $tool failed with exit code $LASTEXITCODE." | ||
exit $LASTEXITCODE | ||
} | ||
} | ||
} | ||
|
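Review bot: The `credscan` and `policheck` branches inside the `foreach` are copies of each other that differ only in the key passed to `--args` (`TargetDirectory` versus `Target`), so any later change to the `configure` command line has to be made twice. A small lookup such as `$targetArgNames = @{ credscan = "TargetDirectory"; policheck = "Target" }` followed by a single `if ($targetArgNames.ContainsKey($tool)) { ... }` block would keep one copy of the command and the exit-code check. The Param block would also benefit from the per-parameter comments the orchestrating script has, in particular a note that `$UpdateBaseline` is declared `[string]` here and is interpolated as text into `--update-baseline`.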