build: Fix Component Governance in Composer DevOps pipeline (microsof…

…t#9257) * Test copy-rename file. * Add dir workspace * Set up for CG * Copy all * Gin up yarn.lock files * Instead, delete all 'npm:' * Replace 'resolution:' in lock file * Revert the "resolution" hack. * Cleanup
OEvgeny · Jun 24, 2022 · b6032af · b6032af
1 parent a78db0b
commit b6032af
Showing 1 changed file with 23 additions and 0 deletions.
diff --git a/azure-pipelines.yml b/azure-pipelines.yml
@@ -68,10 +68,33 @@ jobs:
     pool:
       vmImage: ubuntu-latest
     steps:
+      - powershell: |
+          # Gin up imitation v1 yarn.lock files to aid Component Governance Detection analysis. The method:
+          # Find v3 yarn-berry.lock files. From each, generate a yarn.lock file, deleting all occurrences of 'npm:'.
+          # This allows CG to work with yarn v3.
+          $find = 'npm:';
+          $replace = '';
+
+          Get-ChildItem -Recurse -Path '**/yarn-berry.lock' | % {
+            $source = $_.FullName;
+            $dest = $_.DirectoryName + "/yarn.lock"
+            Write-Host $source;
+            Write-Host $dest;
+            Copy-Item -Path $source -Destination $dest -Force
+
+            $content = Get-Content -Raw $dest;
+            $content -Replace "$find", "$replace" | Set-Content $dest;
+
+            '--------------------'; get-content $dest; '====================';
+          }
+        displayName: Generate "yarn.lock" files for CG Detection
+        continueOnError: true
+
       - task: ComponentGovernanceComponentDetection@0
         displayName: Component Detection
         inputs:
           scanType: "Register"
           verbosity: "Verbose"
           alertWarningLevel: "High"
           failOnAlert: true
+