Merge branch 'dev/hmckelvie/1ES-pipeline-migration' of https://github.com/dotnet/NuGet.BuildTasks into dev/hmckelvie/1ES-pipeline-migration

2024-03-19 08:56:08 -07:00 · 2024-03-19 08:56:08 -07:00 · 4c0d6ae91e
--- a/build/TSAOptions.json
+++ b/build/TSAOptions.json
@ -0,0 +1,24 @@
+{
+    "tsaVersion": "TsaV2",
+    "codebase": "NewOrUpdate",
+    "codebaseName": "dotnet-nuget.buildtasks",
+    "tsaStamp": "DevDiv",
+    "tsaEnvironment": "PROD",
+    "notificationAliases": [
+        "dotnetdevexproj@microsoft.com"
+    ],
+    "codebaseAdmins": [
+        "REDMOND\\tomescht",
+        "REDMOND\\kvenkatrajan"
+    ],
+    "instanceUrl": "https://devdiv.visualstudio.com",
+    "projectName": "DevDiv",
+    "areaPath": "DevDiv\\NET Tools\\Project",
+    "iterationPath": "DevDiv",
+    "repositoryName": "Nuget.BuildTasks",
+    "tools": [
+        "CredScan",
+        "PoliCheck",
+        "APIScan"
+    ]
+ }
--- a/build/official.yml
+++ b/build/official.yml
@ -22,15 +22,14 @@ extends:
  parameters:
    sdl:
      sourceAnalysisPool: VSEngSS-MicroBuild2022-1ES
-      tsa:
-        enabled: true
-        configFile: $(Build.SourcesDirectory)/build/TSAConfig.gdntsa
-        onboard: true
-      binskim:
-        enabled: true
-        analyzeTargetGlob: $(Build.SourcesDirectory)/artifacts/$(BuildConfiguration)/bin/Dlls/**.dll
-      credscan:
-        enabled: true
+      #tsa:
+      #  onboard: true
+      #  enabled: true
+      #  configFile: $(Build.SourcesDirectory)/build/TSAOptions.json
+      #binskim:
+      #  enabled: true
+      #credscan:
+      #  enabled: true
      policheck:
        enabled: true
    pool:
@ -65,7 +64,7 @@ extends:
          - output: pipelineArtifact
            displayName: 'Publish Logs'
            condition: not(succeeded())
-            targetPath: $(Build.SourcesDirectory)/artifacts/log/$(BuildConfiguration)
+            targetPath: $(Build.SourcesDirectory)/artifacts/log/$(BuildConfiguration)@self
            artifactName: 'Logs'
          - output: pipelineArtifact
            displayName: 'Publish Artifact VSSetup'
--- a/eng/common/templates-official/steps/generate-sbom.yml
+++ b/eng/common/templates-official/steps/generate-sbom.yml
@ -11,6 +11,19 @@ parameters:
  ManifestDirPath: $(Build.ArtifactStagingDirectory)/sbom
  IgnoreDirectories: ''
  sbomContinueOnError: true
+#####
+#jobs:
+#- job: PublishPipelineArtifact
+#  displayName: Publish Pipeline Artifact
+#  timeoutInMinutes: 90
+#  templateContext:
+#    outputParentDirectory: $(Build.SourcesDirectory)/artifacts
+#    outputs:
+#      - output: publishSBOMManifest
+#        displayName: Publish SBOM manifest
+#        continueOnError: ${{parameters.sbomContinueOnError}}
+#        targetPath: '${{parameters.manifestDirPath}}'
+#        artifactName: $(ARTIFACT_NAME)

 steps:
 - task: PowerShell@2 
@ -44,5 +57,4 @@ steps:
  continueOnError: ${{parameters.sbomContinueOnError}}
  inputs:
    targetPath: '${{parameters.manifestDirPath}}'
-    artifactName: $(ARTIFACT_NAME)
-
+    artifactName: $(ARTIFACT_NAME)