-
Notifications
You must be signed in to change notification settings - Fork 354
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
* Add CodeQL pipeline * Fixup * Fix image * myget feeds * Fix nuget.config * Fix build invocation * fix nuget.config * Fix build steps * Spacing * Remove .DS_Store files
- Loading branch information
Showing
32 changed files
with
2,297 additions
and
3 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,66 @@ | ||
parameters: | ||
# Optionally do not publish to TSA. Useful for e.g. verifying fixes before PR. | ||
- name: TSAEnabled | ||
displayName: Publish results to TSA | ||
type: boolean | ||
default: true | ||
|
||
variables: | ||
- template: eng/common/templates/variables/pool-providers.yml | ||
# CG is handled in the primary CI pipeline | ||
- name: skipComponentGovernanceDetection | ||
value: true | ||
# Force CodeQL enabled so it may be run on any branch | ||
- name: Codeql.Enabled | ||
value: true | ||
# Do not let CodeQL 3000 Extension gate scan frequency | ||
- name: Codeql.Cadence | ||
value: 0 | ||
- name: Codeql.SourceRoot | ||
value: src | ||
# CodeQL needs this plumbed along as a variable to enable TSA | ||
- name: Codeql.TSAEnabled | ||
value: ${{ parameters.TSAEnabled }} | ||
# Default expects tsaoptions.json under SourceRoot. | ||
- name: Codeql.TSAOptionsPath | ||
value: '$(Build.SourcesDirectory)/.config/tsaoptions.json' | ||
|
||
# Build variables | ||
- name: _BuildConfig | ||
value: Release | ||
|
||
trigger: none | ||
|
||
schedules: | ||
- cron: 0 12 * * 1 | ||
displayName: Weekly Monday CodeQL run | ||
branches: | ||
include: | ||
- main | ||
always: true | ||
|
||
jobs: | ||
- job: codeql | ||
displayName: CodeQL | ||
pool: | ||
name: NetCore1ESPool-Internal | ||
demands: ImageOverride -equals windows.vs2017.amd64 | ||
timeoutInMinutes: 90 | ||
|
||
steps: | ||
|
||
- task: UseDotNet@2 | ||
inputs: | ||
useGlobalJson: true | ||
|
||
- task: CodeQL3000Init@0 | ||
displayName: CodeQL Initialize | ||
|
||
- script: .\build.cmd EnableSkipStrongNames | ||
displayName: Windows Build - EnableSkipStrongNames | ||
|
||
- script: .\build.cmd | ||
displayName: Windows Build | ||
|
||
- task: CodeQL3000Finalize@0 | ||
displayName: CodeQL Finalize |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,12 @@ | ||
{ | ||
"areaPath": "DevDiv\\ASP.NET Core", | ||
"codebaseName": "AspNetWebStack", | ||
"instanceUrl": "https://devdiv.visualstudio.com/", | ||
"iterationPath": "DevDiv", | ||
"notificationAliases": [ | ||
"aspnetcore-build@microsoft.com" | ||
], | ||
"projectName": "DEVDIV", | ||
"repositoryName": "AspNetWebStack", | ||
"template": "TFSDEVDIV" | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,134 @@ | ||
parameters: | ||
enable: 'false' # Whether the SDL validation job should execute or not | ||
overrideParameters: '' # Optional: to override values for parameters. | ||
additionalParameters: '' # Optional: parameters that need user specific values eg: '-SourceToolsList @("abc","def") -ArtifactToolsList @("ghi","jkl")' | ||
# Optional: if specified, restore and use this version of Guardian instead of the default. | ||
overrideGuardianVersion: '' | ||
# Optional: if true, publish the '.gdn' folder as a pipeline artifact. This can help with in-depth | ||
# diagnosis of problems with specific tool configurations. | ||
publishGuardianDirectoryToPipeline: false | ||
# The script to run to execute all SDL tools. Use this if you want to use a script to define SDL | ||
# parameters rather than relying on YAML. It may be better to use a local script, because you can | ||
# reproduce results locally without piecing together a command based on the YAML. | ||
executeAllSdlToolsScript: 'eng/common/sdl/execute-all-sdl-tools.ps1' | ||
# There is some sort of bug (has been reported) in Azure DevOps where if this parameter is named | ||
# 'continueOnError', the parameter value is not correctly picked up. | ||
# This can also be remedied by the caller (post-build.yml) if it does not use a nested parameter | ||
sdlContinueOnError: false # optional: determines whether to continue the build if the step errors; | ||
# optional: determines if build artifacts should be downloaded. | ||
downloadArtifacts: true | ||
# optional: determines if this job should search the directory of downloaded artifacts for | ||
# 'tar.gz' and 'zip' archive files and extract them before running SDL validation tasks. | ||
extractArchiveArtifacts: false | ||
dependsOn: '' # Optional: dependencies of the job | ||
artifactNames: '' # Optional: patterns supplied to DownloadBuildArtifacts | ||
# Usage: | ||
# artifactNames: | ||
# - 'BlobArtifacts' | ||
# - 'Artifacts_Windows_NT_Release' | ||
# Optional: download a list of pipeline artifacts. 'downloadArtifacts' controls build artifacts, | ||
# not pipeline artifacts, so doesn't affect the use of this parameter. | ||
pipelineArtifactNames: [] | ||
|
||
jobs: | ||
- job: Run_SDL | ||
dependsOn: ${{ parameters.dependsOn }} | ||
displayName: Run SDL tool | ||
condition: and(succeededOrFailed(), eq( ${{ parameters.enable }}, 'true')) | ||
variables: | ||
- group: DotNet-VSTS-Bot | ||
- name: AzDOProjectName | ||
value: ${{ parameters.AzDOProjectName }} | ||
- name: AzDOPipelineId | ||
value: ${{ parameters.AzDOPipelineId }} | ||
- name: AzDOBuildId | ||
value: ${{ parameters.AzDOBuildId }} | ||
- template: /eng/common/templates/variables/sdl-variables.yml | ||
- name: GuardianVersion | ||
value: ${{ coalesce(parameters.overrideGuardianVersion, '$(DefaultGuardianVersion)') }} | ||
- template: /eng/common/templates/variables/pool-providers.yml | ||
pool: | ||
# We don't use the collection uri here because it might vary (.visualstudio.com vs. dev.azure.com) | ||
${{ if eq(variables['System.TeamProject'], 'DevDiv') }}: | ||
name: VSEngSS-MicroBuild2022-1ES | ||
demands: Cmd | ||
# If it's not devdiv, it's dnceng | ||
${{ if ne(variables['System.TeamProject'], 'DevDiv') }}: | ||
name: $(DncEngInternalBuildPool) | ||
demands: ImageOverride -equals windows.vs2019.amd64 | ||
steps: | ||
- checkout: self | ||
clean: true | ||
|
||
# If the template caller didn't provide an AzDO parameter, set them all up as Maestro vars. | ||
- ${{ if not(and(parameters.AzDOProjectName, parameters.AzDOPipelineId, parameters.AzDOBuildId)) }}: | ||
- template: /eng/common/templates/post-build/setup-maestro-vars.yml | ||
|
||
- ${{ if ne(parameters.downloadArtifacts, 'false')}}: | ||
- ${{ if ne(parameters.artifactNames, '') }}: | ||
- ${{ each artifactName in parameters.artifactNames }}: | ||
- task: DownloadBuildArtifacts@0 | ||
displayName: Download Build Artifacts | ||
inputs: | ||
buildType: specific | ||
buildVersionToDownload: specific | ||
project: $(AzDOProjectName) | ||
pipeline: $(AzDOPipelineId) | ||
buildId: $(AzDOBuildId) | ||
artifactName: ${{ artifactName }} | ||
downloadPath: $(Build.ArtifactStagingDirectory)\artifacts | ||
checkDownloadedFiles: true | ||
- ${{ if eq(parameters.artifactNames, '') }}: | ||
- task: DownloadBuildArtifacts@0 | ||
displayName: Download Build Artifacts | ||
inputs: | ||
buildType: specific | ||
buildVersionToDownload: specific | ||
project: $(AzDOProjectName) | ||
pipeline: $(AzDOPipelineId) | ||
buildId: $(AzDOBuildId) | ||
downloadType: specific files | ||
itemPattern: "**" | ||
downloadPath: $(Build.ArtifactStagingDirectory)\artifacts | ||
checkDownloadedFiles: true | ||
|
||
- ${{ each artifactName in parameters.pipelineArtifactNames }}: | ||
- task: DownloadPipelineArtifact@2 | ||
displayName: Download Pipeline Artifacts | ||
inputs: | ||
buildType: specific | ||
buildVersionToDownload: specific | ||
project: $(AzDOProjectName) | ||
pipeline: $(AzDOPipelineId) | ||
buildId: $(AzDOBuildId) | ||
artifactName: ${{ artifactName }} | ||
downloadPath: $(Build.ArtifactStagingDirectory)\artifacts | ||
checkDownloadedFiles: true | ||
|
||
- powershell: eng/common/sdl/extract-artifact-packages.ps1 | ||
-InputPath $(Build.ArtifactStagingDirectory)\artifacts\BlobArtifacts | ||
-ExtractPath $(Build.ArtifactStagingDirectory)\artifacts\BlobArtifacts | ||
displayName: Extract Blob Artifacts | ||
continueOnError: ${{ parameters.sdlContinueOnError }} | ||
|
||
- powershell: eng/common/sdl/extract-artifact-packages.ps1 | ||
-InputPath $(Build.ArtifactStagingDirectory)\artifacts\PackageArtifacts | ||
-ExtractPath $(Build.ArtifactStagingDirectory)\artifacts\PackageArtifacts | ||
displayName: Extract Package Artifacts | ||
continueOnError: ${{ parameters.sdlContinueOnError }} | ||
|
||
- ${{ if ne(parameters.extractArchiveArtifacts, 'false') }}: | ||
- powershell: eng/common/sdl/extract-artifact-archives.ps1 | ||
-InputPath $(Build.ArtifactStagingDirectory)\artifacts | ||
-ExtractPath $(Build.ArtifactStagingDirectory)\artifacts | ||
displayName: Extract Archive Artifacts | ||
continueOnError: ${{ parameters.sdlContinueOnError }} | ||
|
||
- template: /eng/common/templates/steps/execute-sdl.yml | ||
parameters: | ||
overrideGuardianVersion: ${{ parameters.overrideGuardianVersion }} | ||
executeAllSdlToolsScript: ${{ parameters.executeAllSdlToolsScript }} | ||
overrideParameters: ${{ parameters.overrideParameters }} | ||
additionalParameters: ${{ parameters.additionalParameters }} | ||
publishGuardianDirectoryToPipeline: ${{ parameters.publishGuardianDirectoryToPipeline }} | ||
sdlContinueOnError: ${{ parameters.sdlContinueOnError }} |
Oops, something went wrong.