restructuring CI to reduce time-to-failure for scanning (#3761)

2024-07-24 13:57:40 -07:00 · 2024-07-24 13:57:40 -07:00 · d76aa7b7dd
--- a/check-vulnerabilities.ps1
+++ b/check-vulnerabilities.ps1
@ -7,6 +7,11 @@ if (-not (Test-Path $projectPath))
 }

 cd $projectPath
+
+$cmd = "restore"
+Write-Host "dotnet $cmd"
+dotnet $cmd | Tee-Object $logFilePath
+
 $cmd = "list", "package", "--include-transitive", "--vulnerable"
 Write-Host "dotnet $cmd"
 dotnet $cmd | Tee-Object $logFilePath
--- a/eng/ci/templates/public/jobs/build-test-public.yml
+++ b/eng/ci/templates/public/jobs/build-test-public.yml
@ -38,6 +38,9 @@ jobs:
      .\validateWorkerVersions.ps1
    displayName: 'Validate worker versions'
    condition: ne(variables['skipWorkerVersionValidation'], 'true')
+  - pwsh: |
+      .\check-vulnerabilities.ps1
+    displayName: "Check for security vulnerabilities"
  - pwsh: |
      .\build.ps1
    env:
@ -46,9 +49,6 @@ jobs:
      IsPublicBuild: true
      IsCodeqlBuild: false
    displayName: 'Executing build script'
-  - pwsh: |
-      .\check-vulnerabilities.ps1
-    displayName: "Check for security vulnerabilities"
  - task: PublishTestResults@2
    inputs:
      testResultsFormat: 'VSTest'
--- a/pipelineUtilities.psm1
+++ b/pipelineUtilities.psm1
@ -81,22 +81,45 @@ function AddLocalDotnetDirPath {
    }
 }

-function Find-Dotnet
+function Find-DotnetVersionsToInstall
 {
    AddLocalDotnetDirPath
    $listSdksOutput = dotnet --list-sdks
    $installedDotnetSdks = $listSdksOutput | ForEach-Object { $_.Split(" ")[0] }
    Write-Host "Detected dotnet SDKs: $($installedDotnetSdks -join ', ')"
+    $missingVersions = [System.Collections.Generic.List[string]]::new()
    foreach ($majorMinorVersion in $DotnetSDKVersionRequirements.Keys) {
        $minimalVersion = "$majorMinorVersion.$($DotnetSDKVersionRequirements[$majorMinorVersion].MinimalPatch)"
        $firstAcceptable = $installedDotnetSdks |
                                Where-Object { $_.StartsWith("$majorMinorVersion.") } |
                                Where-Object { [System.Management.Automation.SemanticVersion]::new($_) -ge [System.Management.Automation.SemanticVersion]::new($minimalVersion) } |
                                Select-Object -First 1
-        if (-not $firstAcceptable) {
-            throw "Cannot find the dotnet SDK for .NET Core $majorMinorVersion. Version $minimalVersion or higher is required. Please specify '-Bootstrap' to install build dependencies."
+        if ($firstAcceptable) {
+            Write-Host "Found dotnet SDK $firstAcceptable for .NET Core $majorMinorVersion."
+        }                               
+        else {
+            Write-Host "Cannot find the dotnet SDK for .NET Core $majorMinorVersion. Version $minimalVersion or higher is required."
+            $missingVersions.Add("$majorMinorVersion.$($DotnetSDKVersionRequirements[$majorMinorVersion].DefaultPatch)")
        }
    }
+    return $missingVersions
+}
+
+$installScript = if ($IsWindows) { "dotnet-install.ps1" } else { "dotnet-install.sh" }
+$obtainUrl = "https://raw.githubusercontent.com/dotnet/cli/master/scripts/obtain"
+
+function Install-DotnetVersion($Version,$Channel) {
+    if ((Test-Path  $installScript) -ne $True) {
+        Write-Host "Downloading dotnet-install script"
+        Invoke-WebRequest -Uri $obtainUrl/$installScript -OutFile $installScript
+    }
+
+    Write-Host "Installing dotnet SDK version $Version"
+    if ($IsWindows) {
+        & .\$installScript -InstallDir "$env:ProgramFiles/dotnet" -Channel $Channel -Version $Version
+    } else {
+        bash ./$installScript --install-dir /usr/share/dotnet -c $Channel -v $Version
+    }
 }

 function Install-Dotnet {
@ -105,25 +128,18 @@ function Install-Dotnet {
        [string]$Channel = 'release'
    )
    try {
-        Find-Dotnet
-        return  # Simply return if we find dotnet SDk with the correct version
-    } catch { }
-    $obtainUrl = "https://raw.githubusercontent.com/dotnet/cli/master/scripts/obtain"
-    try {
-        $installScript = if ($IsWindows) { "dotnet-install.ps1" } else { "dotnet-install.sh" }
-        Invoke-WebRequest -Uri $obtainUrl/$installScript -OutFile $installScript
-        foreach ($majorMinorVersion in $DotnetSDKVersionRequirements.Keys) {
-            $version = "$majorMinorVersion.$($DotnetSDKVersionRequirements[$majorMinorVersion].DefaultPatch)"
-            Write-Host "Installing dotnet SDK version $version"
-            if ($IsWindows) {
-                & .\$installScript -InstallDir "$env:ProgramFiles/dotnet" -Channel $Channel -Version $Version
-            } else {
-                bash ./$installScript --install-dir /usr/share/dotnet -c $Channel -v $Version
-            }
+        $versionsToInstall = Find-DotnetVersionsToInstall
+        if ($versionsToInstall.Count -eq 0) {
+            return
+        }
+        foreach ($version in $versionsToInstall) {
+            Install-DotnetVersion -Version $version -Channel $Channel
        }
        AddLocalDotnetDirPath
    }
    finally {
-        Remove-Item $installScript -Force -ErrorAction SilentlyContinue
+        if (Test-Path  $installScript) {
+            Remove-Item $installScript -Force -ErrorAction SilentlyContinue
+        }
    }
 }