From cd7c6c07055f3c31063da496157c2b0b8ab9e5e8 Mon Sep 17 00:00:00 2001
From: Peter Ombwa
Date: Fri, 1 Sep 2023 09:32:16 -0700
Subject: [PATCH 1/3] chore: Use msBuildInfo
---
 .../common-templates/guardian-analyzer.yml | 19 ++++++++++++-------
 .../authentication-module.yml | 5 +++--
 2 files changed, 15 insertions(+), 9 deletions(-)
diff --git a/.azure-pipelines/common-templates/guardian-analyzer.yml b/.azure-pipelines/common-templates/guardian-analyzer.yml
index 3ebd71a3757..f9926a8d56b 100644
--- a/.azure-pipelines/common-templates/guardian-analyzer.yml
+++ b/.azure-pipelines/common-templates/guardian-analyzer.yml
@@ -5,10 +5,15 @@
 # https://marketplace.visualstudio.com/items?itemName=securedevelopmentteam.vss-secure-development-tools
 steps:
-- task: RoslynAnalyzers@3
- inputs:
- userProvideBuildInfo: 'autoMsBuildInfo'
- setupCommandlinePicker: 'vs2022'
- policyName: 'M365'
- env:
- SYSTEM_ACCESSTOKEN: $(system.accesstoken)
+ - task: RoslynAnalyzers@3
+ inputs:
+ userProvideBuildInfo: 'msBuildInfo'
+ msBuildVersion: '17.0'
+ msBuildArchitecture: 'x64'
+ setupCommandlinePicker: 'vs2022'
+ rulesetName: Recommended
+ rulesetVersion: Latest
+ policyName: 'M365'
+ loadRoslynConfiguredAnalyzersOption: Enable # Keep code generators running
+ env:
+ SYSTEM_ACCESSTOKEN: $(system.accesstoken)
diff --git a/.azure-pipelines/generation-templates/authentication-module.yml b/.azure-pipelines/generation-templates/authentication-module.yml
index 129f6e52793..dfab7a5a611 100644
--- a/.azure-pipelines/generation-templates/authentication-module.yml
+++ b/.azure-pipelines/generation-templates/authentication-module.yml
@@ -21,8 +21,6 @@ steps:
 script: |
 . $(System.DefaultWorkingDirectory)/tools/GenerateAuthenticationModule.ps1 -EnableSigning:$${{ parameters.Sign }} -Build
- - template: ../common-templates/guardian-analyzer.yml
-
 - ${{ if eq(parameters.Test, true) }}:
 - task: PowerShell@2
 displayName: Test Authentication Module
@@ -53,6 +51,9 @@ steps:
 $ModulePsm1 = "$(System.DefaultWorkingDirectory)/src/Authentication/Authentication/Microsoft.Graph.Authentication.psm1"
 ($ModulePsd1 | Get-AuthenticodeSignature).Status | Should -Be "Valid"
 ($ModulePsm1 | Get-AuthenticodeSignature).Status | Should -Be "Valid"
+
+ # Run analyzer after signing is complete.
+ - template: ../common-templates/guardian-analyzer.yml
 - ${{ if eq(parameters.Pack, true) }}:
 - task: PowerShell@2
From 4f8add032e524f6ec9e371d72dd25aa8b4b7c082 Mon Sep 17 00:00:00 2001
From: Peter Ombwa
Date: Fri, 1 Sep 2023 11:40:29 -0700
Subject: [PATCH 2/3] chore: Run dotnet build command line
---
 .../common-templates/guardian-analyzer.yml | 12 ++++++------
 .../generation-templates/authentication-module.yml | 5 ++---
 .../Authentication.Core/Properties/AssemblyInfo.cs | 2 ++
 .../Authentication/Properties/AssemblyInfo.cs | 2 ++
 tools/GenerateAuthenticationModule.ps1 | 3 +++
 5 files changed, 15 insertions(+), 9 deletions(-)
diff --git a/.azure-pipelines/common-templates/guardian-analyzer.yml b/.azure-pipelines/common-templates/guardian-analyzer.yml
index f9926a8d56b..6f897f41f08 100644
--- a/.azure-pipelines/common-templates/guardian-analyzer.yml
+++ b/.azure-pipelines/common-templates/guardian-analyzer.yml
@@ -6,14 +6,14 @@
 steps:
 - task: RoslynAnalyzers@3
+ displayName: 'Run Roslyn Analyzers'
 inputs:
- userProvideBuildInfo: 'msBuildInfo'
- msBuildVersion: '17.0'
- msBuildArchitecture: 'x64'
+ continueOnError: true
+ msBuildVersion: 17.0
+ msBuildArchitecture: amd64
+ msBuildCommandline: |
+ dotnet.exe build $(Build.SourcesDirectory)\src\Authentication /p:Platform="Any CPU" /p:Configuration="Release"
 setupCommandlinePicker: 'vs2022'
- rulesetName: Recommended
- rulesetVersion: Latest
 policyName: 'M365'
- loadRoslynConfiguredAnalyzersOption: Enable # Keep code generators running
 env:
 SYSTEM_ACCESSTOKEN: $(system.accesstoken)
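Review bot: `continueOnError: true` is added directly after `inputs:` in the RoslynAnalyzers@3 step of patch 2/3, so it appears to be passed as a task input; in Azure Pipelines `continueOnError` is a step-level property, and as an input it is most likely ignored (indentation is lost in this rendering, so the nesting is inferred from line order). Decide which behaviour is wanted: for a security analyzer the safer choice is to drop the line so that a failing analysis fails the job, and if tolerance is intended it belongs beside `displayName` with a later step that still enforces the results. The same hunk unquotes the version, which YAML reads as a float; keep `msBuildVersion: '17.0'` as in the removed line. It also removes `userProvideBuildInfo` while adding `msBuildCommandline`, so confirm that the task's default mode still uses the supplied command line.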
diff --git a/.azure-pipelines/generation-templates/authentication-module.yml b/.azure-pipelines/generation-templates/authentication-module.yml
index dfab7a5a611..129f6e52793 100644
--- a/.azure-pipelines/generation-templates/authentication-module.yml
+++ b/.azure-pipelines/generation-templates/authentication-module.yml
@@ -21,6 +21,8 @@ steps:
 script: |
 . $(System.DefaultWorkingDirectory)/tools/GenerateAuthenticationModule.ps1 -EnableSigning:$${{ parameters.Sign }} -Build
+ - template: ../common-templates/guardian-analyzer.yml
+
 - ${{ if eq(parameters.Test, true) }}:
 - task: PowerShell@2
 displayName: Test Authentication Module
@@ -51,9 +53,6 @@ steps:
 $ModulePsm1 = "$(System.DefaultWorkingDirectory)/src/Authentication/Authentication/Microsoft.Graph.Authentication.psm1"
 ($ModulePsd1 | Get-AuthenticodeSignature).Status | Should -Be "Valid"
 ($ModulePsm1 | Get-AuthenticodeSignature).Status | Should -Be "Valid"
-
- # Run analyzer after signing is complete.
- - template: ../common-templates/guardian-analyzer.yml
 - ${{ if eq(parameters.Pack, true) }}:
 - task: PowerShell@2
diff --git a/src/Authentication/Authentication.Core/Properties/AssemblyInfo.cs b/src/Authentication/Authentication.Core/Properties/AssemblyInfo.cs
index 47dc954fb32..27764442dc5 100644
--- a/src/Authentication/Authentication.Core/Properties/AssemblyInfo.cs
+++ b/src/Authentication/Authentication.Core/Properties/AssemblyInfo.cs
@@ -2,4 +2,6 @@
 #if DEBUG
 [assembly: InternalsVisibleTo("Microsoft.Graph.Authentication.Test")]
+#else
+[assembly: InternalsVisibleTo("Microsoft.Graph.Authentication.Test, PublicKey=0024000004800000940000000602000000240000525341310004000001000100b5fc90e7027f67871e773a8fde8938c81dd402ba65b9201d60593e96c492651e889cc13f1415ebb53fac1131ae0bd333c5ee6021672d9718ea31a8aebd0da0072f25d87dba6fc90ffd598ed4da35e44c398c454307e8e33b8426143daec9f596836f97c8f74750e5975c64e2189f45def46b2a2b1247adc3652bf5c308055da9")]
 #endif
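Review bot: The new `#else` branch in Authentication.Core/Properties/AssemblyInfo.cs keys the signed friend declaration on `DEBUG` rather than on whether the build is strong-name signed, and the identical change in Authentication/Properties/AssemblyInfo.cs has the same issue. A Release build made without signing would leave the test assembly unsigned (the unsigned path in tools/GenerateAuthenticationModule.ps1 passes no key file), and the compiler is expected to reject friend access when the public key does not match. Release binaries also now carry an `InternalsVisibleTo` grant, so the library's internals are reachable by any assembly of that name signed with the matching key. I would add a comment such as `// Release builds are strong-name signed; PublicKey must match assemblyOriginatorKeyFile in the module metadata.` and consider a dedicated compilation symbol that is defined only when signing is enabled.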
diff --git a/src/Authentication/Authentication/Properties/AssemblyInfo.cs b/src/Authentication/Authentication/Properties/AssemblyInfo.cs
index 47dc954fb32..27764442dc5 100644
--- a/src/Authentication/Authentication/Properties/AssemblyInfo.cs
+++ b/src/Authentication/Authentication/Properties/AssemblyInfo.cs
@@ -2,4 +2,6 @@
 #if DEBUG
 [assembly: InternalsVisibleTo("Microsoft.Graph.Authentication.Test")]
+#else
+[assembly: InternalsVisibleTo("Microsoft.Graph.Authentication.Test, PublicKey=0024000004800000940000000602000000240000525341310004000001000100b5fc90e7027f67871e773a8fde8938c81dd402ba65b9201d60593e96c492651e889cc13f1415ebb53fac1131ae0bd333c5ee6021672d9718ea31a8aebd0da0072f25d87dba6fc90ffd598ed4da35e44c398c454307e8e33b8426143daec9f596836f97c8f74750e5975c64e2189f45def46b2a2b1247adc3652bf5c308055da9")]
 #endif
diff --git a/tools/GenerateAuthenticationModule.ps1 b/tools/GenerateAuthenticationModule.ps1
index d9ecc17eb1b..6d71c22f35d 100644
--- a/tools/GenerateAuthenticationModule.ps1
+++ b/tools/GenerateAuthenticationModule.ps1
@@ -44,11 +44,14 @@ if ($null -eq $ModuleMetadata.versions.authentication.version) {
 # Build and pack generated module.
 if ($Build -or $Run) {
 $AuthCoreCSProj = Join-Path $AuthSrcPath "$ModuleName.Core" "$ModuleFullName.Core.csproj"
+ $AuthTestCSProj = Join-Path $AuthSrcPath "$ModuleName.Test" "$ModuleFullName.Test.csproj"
 if ($EnableSigning) {
 Set-CSProjValues -ModuleCsProj $AuthCoreCSProj -AssemblyOriginatorKeyFile $ModuleMetadata.assemblyOriginatorKeyFile -ModuleVersion $ModuleMetadata.versions.authentication.version -PreRelease $ModuleMetadata.versions.authentication.prerelease
+ Set-CSProjValues -ModuleCsProj $AuthTestCSProj -AssemblyOriginatorKeyFile $ModuleMetadata.assemblyOriginatorKeyFile -ModuleVersion $ModuleMetadata.versions.authentication.version -PreRelease $ModuleMetadata.versions.authentication.prerelease
 }
 else {
 Set-CSProjValues -ModuleCsProj $AuthCoreCSProj -ModuleVersion $ModuleMetadata.versions.authentication.version -PreRelease $ModuleMetadata.versions.authentication.prerelease
+ Set-CSProjValues -ModuleCsProj $AuthTestCSProj -ModuleVersion $ModuleMetadata.versions.authentication.version -PreRelease $ModuleMetadata.versions.authentication.prerelease
 }
 & $BuildModulePS1 -ModuleFullName $ModuleFullName -ModuleSrc $AuthModulePath -EnableSigning:$EnableSigning -Version $ModuleMetadata.versions.authentication.version -Prerelease $ModuleMetadata.versions.authentication.prerelease -ModuleMetadata $ModuleMetadata.Clone()
 }
From b01a93709bfdf4d5fa481946e07c18f581f15329 Mon Sep 17 00:00:00 2001
From: Peter Ombwa
Date: Fri, 1 Sep 2023 13:58:32 -0700
Subject: [PATCH 3/3] chore: Run analysis after build & sign
---
 .../generation-templates/authentication-module.yml | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/.azure-pipelines/generation-templates/authentication-module.yml b/.azure-pipelines/generation-templates/authentication-module.yml
index 129f6e52793..86b7171a52b 100644
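Review bot: The two added `Set-CSProjValues` calls repeat the Core calls argument for argument, so the signed and unsigned branches of `if ($EnableSigning)` now hold four near-identical lines that differ only in the project path and the key file. Building the shared arguments once and splatting them over both projects keeps the only signing-relevant difference, `AssemblyOriginatorKeyFile`, in a single place where a reviewer can see which projects receive the key. Nothing in the hunk checks that `$AuthTestCSProj` exists before it is rewritten; whether `Set-CSProjValues` handles a missing file is not visible here.

```powershell
    $AuthTestCSProj = Join-Path $AuthSrcPath "$ModuleName.Test" "$ModuleFullName.Test.csproj"
    # Arguments shared by the signed and unsigned paths.
    $CsProjArgs = @{
        ModuleVersion = $ModuleMetadata.versions.authentication.version
        PreRelease    = $ModuleMetadata.versions.authentication.prerelease
    }
    if ($EnableSigning) {
        # The key file is the only difference between the two paths.
        $CsProjArgs.AssemblyOriginatorKeyFile = $ModuleMetadata.assemblyOriginatorKeyFile
    }
    foreach ($CsProj in $AuthCoreCSProj, $AuthTestCSProj) {
        Set-CSProjValues -ModuleCsProj $CsProj @CsProjArgs
    }
    # … unchanged: & $BuildModulePS1 invocation …
```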
--- a/.azure-pipelines/generation-templates/authentication-module.yml
+++ b/.azure-pipelines/generation-templates/authentication-module.yml
@@ -21,8 +21,6 @@ steps:
 script: |
 . $(System.DefaultWorkingDirectory)/tools/GenerateAuthenticationModule.ps1 -EnableSigning:$${{ parameters.Sign }} -Build
- - template: ../common-templates/guardian-analyzer.yml
-
 - ${{ if eq(parameters.Test, true) }}:
 - task: PowerShell@2
 displayName: Test Authentication Module
@@ -62,3 +60,6 @@ steps:
 pwsh: true
 script: |
 . $(System.DefaultWorkingDirectory)/tools/GenerateAuthenticationModule.ps1 -Pack -ArtifactsLocation $(Build.ArtifactStagingDirectory)
+
+ # Run analyzer after build & sign.
+ - template: ../common-templates/guardian-analyzer.yml
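Review bot: The `- template: ../common-templates/guardian-analyzer.yml` include added at the end of the second hunk follows the Pack step's script, and its indentation cannot be recovered from this rendering; if it sits under `${{ if eq(parameters.Pack, true) }}:` the analyzer is skipped whenever Pack is false. Placing it at the top `steps:` level keeps the analysis unconditional. The analyzer also now runs after the Pack step has written to `$(Build.ArtifactStagingDirectory)`, so a failing analysis should still fail the job before anything is published. The comment could record both constraints: `# Run analyzer last, after build, sign and pack; keep at steps level so it is not gated on Pack.`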