- If we checkout multiple repos, then this task tries to resolve this path against $(Build.SourcesDirectory) instead of $(Build.SourcesDirectory)/BuildXL.Internal
Adding this script in the external stage of the pipeline to extarct the .nupkg files from the Bin/Release folder. Need to do this since BInSkim only supports .dll or .exe formats and fails to detect nupkg files .
Tested this in this pipeline.
Look for buildxl-external.pkgs.0.1.0-20240403.1
The .nupkg packages are converted to .zip format and then extracted to extractedPackages folder within the same directory.
Doing this avoids BinSkim from scanning the whole of the Out folder for binaries(.dll and .exe).
https://dev.azure.com/mseng/Domino/_build/results?buildId=27610984&view=artifacts&pathAsName=false&type=publishedArtifacts
Related work items: #2166618
The variables persist beyond the scope of the single task. This is useful to run RunBxlWithPAT in a pre-build task and then have the build task be exposed to these variables.
This change looks like a net negative on the surface (why replace a single script with two separate pieces?) but we need it to migrate the pipelines to 1ESPT using the BuildXL workflow, which will call BuildXL outside of any wrapping script
Pasindu Gunasekara 🍣
Michael Pysson
Qi Wang
Iman Narasamdya
Marcelo Lynch 🧉
Sahiti Chandramouli