Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

build: Fix Component Governance in Composer DevOps pipeline #9257

Merged
merged 9 commits into from
Jun 24, 2022
Merged

build: Fix Component Governance in Composer DevOps pipeline #9257

merged 9 commits into from
Jun 24, 2022

Conversation

BruceHaley
Copy link
Contributor

@BruceHaley BruceHaley commented Jun 23, 2022
edited
Loading

Fixes #minor

Description

Implementation of yarn v3 resulted in Component Governance analysis failing to find security vulnerabilities: CG does not handle the new v3 yarn-berry.lock files.

Changes

Add a script to generate imitation yarn v1 yarn.lock files just before CG analysis runs.

@BruceHaley BruceHaley changed the title Fix pipeline Composer DevOps Component Governance Detection build: Fix Component Governance in Composer DevOps pipeline Jun 23, 2022
@coveralls
Copy link

Coverage Status

Coverage remained the same at 54.547% when pulling 860a33a on bruce/cgfix6-22 into a78db0b on main.

@tonyanziano
Copy link
Contributor

Hmm, it looks like the new yarn broke the E2E tests. The E2E runner is somehow using the wrong version of Cypress which is breaking the tests.

I don't think this is related to your change, but the yarn 3 changes we merged earlier this week.

@tonyanziano tonyanziano merged commit b6032af into main Jun 24, 2022
@tonyanziano tonyanziano deleted the bruce/cgfix6-22 branch June 24, 2022 16:13
OEvgeny added a commit to OEvgeny/BotFramework-Composer that referenced this pull request Jun 28, 2022
@OEvgeny
Revert "build: Fix Component Governance in Composer DevOps pipeline (m…
d94c87c 
…icrosoft#9257)"

This reverts commit b6032af.
tonyanziano pushed a commit that referenced this pull request Jun 28, 2022
@OEvgeny
Attempt to fix Cypress caching #2 (#9266)
68d5d4f 
* Attempt to fix cypress caching

* Revert "build: Fix Component Governance in Composer DevOps pipeline (#9257)"

This reverts commit b6032af.

* Fix e2e-ci calling npx instead of yarn
@cwhitten cwhitten mentioned this pull request Aug 15, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@tonyanziano tonyanziano tonyanziano approved these changes

@a-b-r-o-w-n a-b-r-o-w-n a-b-r-o-w-n approved these changes

@cwhitten cwhitten Awaiting requested review from cwhitten

@boydc2014 boydc2014 Awaiting requested review from boydc2014

Assignees

@tonyanziano tonyanziano

@a-b-r-o-w-n a-b-r-o-w-n

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@BruceHaley @coveralls @tonyanziano @a-b-r-o-w-n