Update SBOM support to use the new SBOM plugin

Remove deprecated SBOM handling SBOM is now generated as part of the build (when it applies).
2022-07-21 18:23:12 -06:00 · 2022-07-21 18:23:12 -06:00 · b5f7042d43
--- a/azure-pipelines/Install-NuGetPackage.ps1
+++ b/azure-pipelines/Install-NuGetPackage.ps1
@ -45,6 +45,8 @@ try {
        $p = Start-Process $nugetPath $nugetArgs -NoNewWindow -Wait -PassThru
        if ($p.ExitCode -ne 0) { throw }
    }
+
+    Write-Output (Get-ChildItem "$PackagesDir\$PackageId.*")[0].FullName
 } finally {
    Pop-Location
 }
--- a/azure-pipelines/artifacts/VSInsertion.ps1
+++ b/azure-pipelines/artifacts/VSInsertion.ps1
@ -1,12 +1,7 @@
 # This artifact captures everything needed to insert into VS (NuGet packages, insertion metadata, etc.)

-<#
-.PARAMETER SbomNotRequired
-    Indicates that returning the artifacts available is preferable to nothing at all when the SBOM has not yet been generated.
-#>
 [CmdletBinding()]
 Param (
-    [switch]$SbomNotRequired
 )

 if ($IsMacOS -or $IsLinux) {
@ -23,12 +18,6 @@ if (!$BuildConfiguration) {

 $PackagesRoot = "$RepoRoot/bin/Packages/$BuildConfiguration/NuGet"

-# This artifact is not ready if we're running on the devdiv AzDO account and we don't have an SBOM yet.
-if ($env:SYSTEM_COLLECTIONID -eq '011b8bdf-6d56-4f87-be0d-0092136884d9' -and -not (Test-Path $PackagesRoot/_manifest) -and -not $SbomNotRequired) {
-    Write-Host "Skipping because SBOM isn't generated yet."
-    return @{}
-}
-
 if (!(Test-Path $PackagesRoot)) {
    Write-Warning "Skipping because packages haven't been built yet."
    return @{}
--- a/azure-pipelines/build.yml
+++ b/azure-pipelines/build.yml
@ -36,11 +36,6 @@ jobs:
    - template: microbuild.after.yml
      parameters:
        EnableAPIScan: ${{ parameters.EnableAPIScan }}
-    # Repeat this step to scoop up any artifacts that would only be collected after running microbuild.after.yml
-    - powershell: azure-pipelines/artifacts/_pipelines.ps1 -ArtifactNameSuffix "-$(Agent.JobName)"
-      failOnStderr: true
-      displayName: Publish artifacts
-      condition: succeededOrFailed()

  - template: expand-template.yml

--- a/azure-pipelines/microbuild.after.yml
+++ b/azure-pipelines/microbuild.after.yml
@ -13,15 +13,6 @@ steps:
  condition: succeededOrFailed()
  displayName: MicroBuild Cleanup

- task: ManifestGeneratorTask@0
-  displayName: Software Bill of Materials generation
-  inputs:
-    BuildDropPath: $(System.DefaultWorkingDirectory)/bin/Library/$(BuildConfiguration)
-    BuildComponentPath: $(System.DefaultWorkingDirectory)/obj/src/Library
-
- powershell: Copy-Item -Recurse -Verbose "$(System.DefaultWorkingDirectory)/bin/Library/$(BuildConfiguration)/_manifest" "$(System.DefaultWorkingDirectory)/bin/Packages/$(BuildConfiguration)/NuGet"
-  displayName: Publish Software Bill of Materials
-
 - task: Ref12Analyze@0
  displayName: Ref12 (Codex) Analyze
  inputs:
--- a/azure-pipelines/microbuild.before.yml
+++ b/azure-pipelines/microbuild.before.yml
@ -12,3 +12,6 @@ steps:
  inputs:
    signType: $(SignType)
  displayName: Install MicroBuild Signing Plugin
+
+- task: MicroBuildSbomPlugin@1
+  displayName: Install MicroBuild Sbom Plugin
--- a/azure-pipelines/variables/InsertConfigValues.ps1
+++ b/azure-pipelines/variables/InsertConfigValues.ps1
@ -1,4 +1,4 @@
-$InsertedPkgs = (& "$PSScriptRoot\..\artifacts\VSInsertion.ps1" -SbomNotRequired)
+$InsertedPkgs = (& "$PSScriptRoot\..\artifacts\VSInsertion.ps1")

 $icv=@()
 foreach ($kvp in $InsertedPkgs.GetEnumerator()) {
--- a/init.ps1
+++ b/init.ps1
@ -39,6 +39,8 @@
    Install the MicroBuild setup plugin for building VSIXv3 packages.
 .PARAMETER OptProf
    Install the MicroBuild OptProf plugin for building optimized assemblies on desktop machines.
+.PARAMETER Sbom
+    Install the MicroBuild SBOM plugin.
 .PARAMETER AccessToken
    An optional access token for authenticating to Azure Artifacts authenticated feeds.
 #>
@ -63,6 +65,8 @@ Param (
    [Parameter()]
    [switch]$OptProf,
    [Parameter()]
+    [switch]$SBOM,
+    [Parameter()]
    [string]$AccessToken
 )

@ -130,6 +134,14 @@ try {
        $EnvVars['LocLanguages'] = "JPN"
    }

+    if ($SBOM) {
+        Write-Host "Installing MicroBuild SBOM plugin" -ForegroundColor $HeaderColor
+        & $InstallNuGetPkgScriptPath MicroBuild.Plugins.Sbom -source $MicroBuildPackageSource -Verbosity $nugetVerbosity
+        $PkgMicrosoft_ManifestTool_CrossPlatform = & $InstallNuGetPkgScriptPath Microsoft.ManifestTool.CrossPlatform -source 'https://1essharedassets.pkgs.visualstudio.com/1esPkgs/_packaging/SBOMTool/nuget/v3/index.json' -Verbosity $nugetVerbosity
+        $EnvVars['GenerateSBOM'] = "true"
+        $EnvVars['PkgMicrosoft_ManifestTool_CrossPlatform'] = $PkgMicrosoft_ManifestTool_CrossPlatform
+    }
+
    & "$PSScriptRoot/tools/Set-EnvVars.ps1" -Variables $EnvVars -PrependPath $PrependPath | Out-Null
 }
 catch {