Skip to content

Commit

Permalink
Fix APIScan (#265)
Browse files Browse the repository at this point in the history
  • Loading branch information
mattleibow authored Apr 5, 2024
1 parent 4029bc5 commit 0b5467d
Showing 1 changed file with 33 additions and 6 deletions.
39 changes: 33 additions & 6 deletions azure-pipelines.yml
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,13 @@ parameters:
displayName: 'Run post-build compliance tasks (such as API Scan)'
type: boolean
default: false
- name: buildAgent
displayName: 'The build agent to use'
type: object
default:
name: Maui-1ESPT
image: 1ESPT-Windows2022
os: windows

variables:
- template: /scripts/azure-pipelines-variables.yml@self
Expand All @@ -26,10 +33,7 @@ resources:
extends:
template: v1/1ES.Official.PipelineTemplate.yml@1ESPipelineTemplates
parameters:
pool:
name: AzurePipelines-EO
image: 1ESPT-Windows2022
os: windows
pool: ${{ parameters.buildAgent }}
customBuildTags:
- ES365AIMigrationTooling
stages:
Expand All @@ -41,6 +45,17 @@ extends:
displayName: Build
templateContext:
sdl:
apiscan:
enabled: true
binskim:
enabled: true
break: false
codeInspector:
enabled: true
credscan:
enabled: true
policheck:
enabled: true
spotBugs:
enabled: false
outputParentDirectory: 'output'
Expand Down Expand Up @@ -72,12 +87,24 @@ extends:
- ${{ if or( eq(variables['Build.Reason'], 'Schedule'), parameters.runCompliance ) }}:
- template: security/apiscan/v0.yml@internal-templates
parameters:
windowsPoolName: AzurePipelines-EO
windowsImageOverride: 1ESPT-Windows2022
windowsPoolName: ${{ parameters.buildAgent.name }}
windowsImageOverride: ${{ parameters.buildAgent.image }}
timeoutInMinutes: 480
stageDependsOn:
- build
scanArtifacts:
- nuget
apiScanSoftwareName: SkiaSharp
apiScanSoftwareVersionNum: $(MAJOR_VERSION)
apiScanAuthConnectionString: 'runAs=App;AppId=$(ApiScanClientId)'
preScanSteps:
- pwsh: |
$nupkgs = (Get-ChildItem "$(Build.ArtifactStagingDirectory)\binaries-to-scan\*\*.*nupkg")
foreach ($nupkg in $nupkgs) {
$filename = $nupkg.Name.TrimEnd('.nupkg')
$dest = "$(Build.ArtifactStagingDirectory)\binaries-to-scan\nuget_symbols-extracted\$filename"
Write-Host "Extracting '$nupkg' to '$dest'..."
Expand-Archive $nupkg $dest
Remove-Item $nupkg
}
displayName: Extract all the .nupkg files

0 comments on commit 0b5467d

Please sign in to comment.