Skip to content

Commit

Permalink
Use suppression directly from artifact
Browse files Browse the repository at this point in the history
  • Loading branch information
@hallipr
hallipr committed Mar 5, 2025
1 parent 67fdb7e commit 4680d20
Show file tree
Hide file tree
Showing 2 changed files with 19 additions and 31 deletions.
39 changes: 19 additions & 20 deletions eng/pipelines/templates/stages/archetype-net-release.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -22,7 +22,7 @@ stages:
templateContext:
sdl:
credscan:
suppressionsFile: ''
suppressionsFile: '$(Pipeline.Workspace)/${{parameters.ArtifactName}}/CredScanSuppression.json'

outputs:
- output: pipelineArtifact
Expand Down Expand Up @@ -269,13 +269,16 @@ stages:
dependsOn: Signing
jobs:
- job: PublishPackages
condition: or(eq(variables['SetDevVersion'], 'true'), and(eq(variables['Build.Reason'],'Schedule'), eq(variables['System.TeamProject'], 'internal')))
condition: and(succeeded(), or(eq(variables['SetDevVersion'], 'true'), and(eq(variables['Build.Reason'],'Schedule'), eq(variables['System.TeamProject'], 'internal'))))
displayName: Publish package to daily feed
pool:
name: $(WINDOWSPOOL)
image: $(WINDOWSVMIMAGE)
os: windows
templateContext:
sdl:
credscan:
suppressionsFile: '$(Pipeline.Workspace)/${{parameters.ArtifactName}}-signed/CredScanSuppression.json'
outputParentDirectory: '$(Pipeline.Workspace)'
outputs:
- ${{ each artifact in parameters.Artifacts }}:
Expand All @@ -285,24 +288,20 @@ stages:
packagesToPush: '$(Pipeline.Workspace)/${{parameters.ArtifactName}}-signed/${{artifact.name}}/*.nupkg;!$(Pipeline.Workspace)/${{parameters.ArtifactName}}-signed/${{artifact.name}}/*.symbols.nupkg'
publishVstsFeed: $(DevOpsFeedID)

steps:
- checkout: azure-sdk-build-tools
path: azure-sdk-build-tools
- download: current
artifact: ${{parameters.ArtifactName}}-signed
- template: /eng/pipelines/templates/steps/copy-credscan-suppressions.yml
parameters:
ArtifactPath: $(Pipeline.Workspace)/${{parameters.ArtifactName}}-signed
- pwsh: |
# For safety default to publishing to the private feed.
# Publish to https://dev.azure.com/azure-sdk/internal/_packaging?_a=feed&feed=azure-sdk-for-net-pr
$devopsFeedId = '590cfd2a-581c-4dcb-a12e-6568ce786175/fa8b2d77-74d9-48d7-bb96-badb2b9c6ca4'
if ('$(Build.Repository.Name)' -eq 'Azure/azure-sdk-for-net') {
$devopsFeedId = '${{ parameters.DevOpsFeedID }}'
}
echo "##vso[task.setvariable variable=DevOpsFeedID]$devopsFeedId"
echo "Using DevopsFeedId = $devopsFeedId"
displayName: Setup DevOpsFeedId
steps:
- checkout: none
- download: current
artifact: ${{parameters.ArtifactName}}-signed
- pwsh: |
# For safety default to publishing to the private feed.
# Publish to https://dev.azure.com/azure-sdk/internal/_packaging?_a=feed&feed=azure-sdk-for-net-pr
$devopsFeedId = '590cfd2a-581c-4dcb-a12e-6568ce786175/fa8b2d77-74d9-48d7-bb96-badb2b9c6ca4'
if ('$(Build.Repository.Name)' -eq 'Azure/azure-sdk-for-net') {
$devopsFeedId = '${{ parameters.DevOpsFeedID }}'
}
echo "##vso[task.setvariable variable=DevOpsFeedID]$devopsFeedId"
echo "Using DevopsFeedId = $devopsFeedId"
displayName: Setup DevOpsFeedId
- job: PublishDocsToNightlyBranch
dependsOn: PublishPackages
Expand Down
11 changes: 0 additions & 11 deletions eng/pipelines/templates/steps/copy-credscan-suppressions.yml
View file

This file was deleted.

0 comments on commit 4680d20

Please sign in to comment.