Build SBOM manifest as part of build
Родитель
c365962298
Коммит
6235412ac9
|
@ -155,6 +155,9 @@ try {
|
|||
$YmlReplacements['(codecov_token: ).*(#.*)'] = "#`$1`$2"
|
||||
}
|
||||
Replace-Placeholders -Path "azure-pipelines.yml" -Replacements $YmlReplacements
|
||||
Replace-Placeholders -Path "azure-pipelines/microbuild.after.yml" -Replacements @{
|
||||
'Library' = $LibraryName;
|
||||
}
|
||||
|
||||
Replace-Placeholders -Path "azure-pipelines/variables/InsertVersionsValues.ps1" -Replacements @{
|
||||
'LibraryName' = $LibraryName;
|
||||
|
|
|
@ -8,6 +8,9 @@ if (!$BuildConfiguration) {
|
|||
|
||||
$PackagesRoot = "$RepoRoot/bin/Packages/$BuildConfiguration/NuGet"
|
||||
|
||||
# This artifact is not ready if we're running on the devdiv AzDO account and we don't have an SBOM yet.
|
||||
if ($env:SYSTEM_COLLECTIONID -eq '011b8bdf-6d56-4f87-be0d-0092136884d9' -and -not (Test-Path $PackagesRoot/_manifest)) { return @{} }
|
||||
|
||||
if (!(Test-Path $PackagesRoot)) { return @{} }
|
||||
|
||||
@{
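Review bot: The new guard on `$env:SYSTEM_COLLECTIONID` returns an empty artifact set without logging anything, so a run where SBOM generation failed looks the same as the first publish pass, where the manifest is simply not there yet. Because the publish step is repeated after microbuild.after.yml, consider logging the skip before `return @{}`, for example `Write-Host "NuGet packages withheld: no _manifest under $PackagesRoot"`, so a missing SBOM on the second pass is visible to whoever triages the build. The check is also tied to one hard-coded collection GUID, so on any other account the packages are published with no manifest; if that is intended, the comment should say so. The script continues past the end of this hunk.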
|
||||
|
|
|
@ -36,6 +36,11 @@ jobs:
|
|||
- template: microbuild.after.yml
|
||||
parameters:
|
||||
EnableAPIScan: ${{ parameters.EnableAPIScan }}
|
||||
# Repeat this step to scoop up any artifacts that would only be collected after running microbuild.after.yml
|
||||
- powershell: azure-pipelines/artifacts/_pipelines.ps1 -ArtifactNameSuffix "-$(Agent.JobName)"
|
||||
failOnStderr: true
|
||||
displayName: Publish artifacts
|
||||
condition: succeededOrFailed()
|
||||
|
||||
- template: expand-template.yml
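Review bot: The comment on the repeated publish step does not say which artifact is deferred or why, which makes the duplication look accidental. Something like `# Second pass: the NuGet packages artifact is withheld until microbuild.after.yml has produced the SBOM (_manifest)` would tie it to the gate added in the artifact script. Whether `_pipelines.ps1` skips artifacts already uploaded by the earlier step is not visible here; if it does not, this run would try to upload them again under the same names.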
|
||||
|
||||
|
|
|
@ -13,6 +13,15 @@ steps:
|
|||
condition: succeededOrFailed()
|
||||
displayName: MicroBuild Cleanup
|
||||
|
||||
- task: ManifestGeneratorTask@0
|
||||
displayName: Software Bill of Materials generation
|
||||
inputs:
|
||||
BuildDropPath: $(System.DefaultWorkingDirectory)/bin/Library/$(BuildConfiguration)
|
||||
BuildComponentPath: $(System.DefaultWorkingDirectory)/obj/src/Library
|
||||
|
||||
- powershell: Copy-Item -Recurse "$(System.DefaultWorkingDirectory)/bin/Library/$(BuildConfiguration)/_manifest" "$(System.DefaultWorkingDirectory)/bin/Packages/$(BuildConfiguration)/NuGet"
|
||||
displayName: Publish Software Bill of Materials
|
||||
|
||||
- task: Ref12Analyze@0
|
||||
displayName: Ref12 (Codex) Analyze
|
||||
inputs:
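Review bot: `BuildDropPath` points at `bin/Library/$(BuildConfiguration)`, but the resulting `_manifest` is then copied next to the packages in `bin/Packages/$(BuildConfiguration)/NuGet`, so the manifest shipped with the NuGet artifact presumably lists and hashes the library output directory rather than the .nupkg files beside it. If the SBOM is meant to let a consumer verify what is published, point the task at that folder, `BuildDropPath: $(System.DefaultWorkingDirectory)/bin/Packages/$(BuildConfiguration)/NuGet`, which also makes the Copy-Item step unnecessary. If the copy stays, note that `Copy-Item -Recurse` into a destination that does not exist yet creates `NuGet` as a copy of `_manifest` instead of `NuGet/_manifest`, and the manifest check in the artifact script would then never pass. The Ref12Analyze step continues outside the hunk.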
|
||||
|
|
|
@ -45,6 +45,7 @@ stages:
|
|||
push_to_ci: true
|
||||
NUGET_PACKAGES: $(Agent.TempDirectory)/.nuget/packages
|
||||
SignTypeSelection: ${{ parameters.SignTypeSelection }}
|
||||
Packaging.EnableSBOMSigning: true
|
||||
|
||||
jobs:
|
||||
- template: build.yml
|
||||
|
|