-
Notifications
You must be signed in to change notification settings - Fork 385
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Adding OneBranch pipeline YAML config file for OSS_Microsoft_PSSA-Off…
…icial (#1981) * Adding OneBranch pipeline YAML config file for OSS_Microsoft_PSSA-Official * Updates to signing and TSA * Fix typo * Fix typo 2 * Fix typo 3 * Update CR feedback * Revert back to old signing * Fix source direcctory for credscan --------- Co-authored-by: OneBranch Resources <[email protected]>
- Loading branch information
1 parent
c085ee3
commit b4365ad
Showing
2 changed files
with
170 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,10 @@ | ||
| { | ||
| "instanceUrl": "https://msazure.visualstudio.com", | ||
| "projectName": "One", | ||
| "areaPath": "One\\MGMT\\Compute\\Powershell\\Powershell\\PowerShell Core", | ||
| "notificationAliases": [ | ||
| "[email protected]", | ||
| "[email protected]" | ||
| ], | ||
| "codebaseName": "PSSA_202403" | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,160 @@ | ||
| # This Yaml Document has been converted by ESAI Yaml Pipeline Conversion Tool. | ||
| # Please make sure to check all the converted content, it is your team's responsibility to make sure that the pipeline is still valid and functions as expected. | ||
| # This pipeline will be extended to the OneBranch template | ||
| name: PSSA-Release-$(Build.BuildId) | ||
| trigger: none | ||
| pr: | ||
| branches: | ||
| include: | ||
| - master | ||
| - release* | ||
| variables: | ||
| - name: DOTNET_CLI_TELEMETRY_OPTOUT | ||
| value: 1 | ||
| - name: POWERSHELL_TELEMETRY_OPTOUT | ||
| value: 1 | ||
| - name: WindowsContainerImage | ||
| value: onebranch.azurecr.io/windows/ltsc2019/vse2022:latest | ||
| resources: | ||
| repositories: | ||
| - repository: ComplianceRepo | ||
| type: github | ||
| endpoint: ComplianceGHRepo | ||
| name: PowerShell/compliance | ||
| ref: master | ||
| - repository: onebranchTemplates | ||
| type: git | ||
| name: OneBranch.Pipelines/GovernedTemplates | ||
| ref: refs/heads/main | ||
| extends: | ||
| template: v2/OneBranch.Official.CrossPlat.yml@onebranchTemplates | ||
| parameters: | ||
| customTags: 'ES365AIMigrationTooling' | ||
| globalSdl: | ||
| sbom: | ||
| enabled: false | ||
| codeql: | ||
| compiled: | ||
| enabled: true | ||
| asyncSdl: # https://aka.ms/obpipelines/asyncsdl | ||
| enabled: true | ||
| forStages: [Build] | ||
| credscan: | ||
| enabled: true | ||
| scanFolder: $(Build.SourcesDirectory)\OSS_Microsoft_PSSA | ||
| binskim: | ||
| enabled: true | ||
| apiscan: | ||
| enabled: false | ||
|
|
||
| stages: | ||
| - stage: Build | ||
| displayName: Build | ||
| jobs: | ||
| - job: Build_Job | ||
| displayName: Build Microsoft.PowerShell.ScriptAnalyzer | ||
| variables: | ||
| - group: ESRP | ||
| - name: ob_outputDirectory | ||
| value: '$(Build.ArtifactStagingDirectory)/ONEBRANCH_ARTIFACT' | ||
| - name: repoRoot | ||
| value: $(Build.SourcesDirectory)\OSS_Microsoft_PSSA | ||
| - name: ob_sdl_tsa_configFile | ||
| value: $(Build.SourcesDirectory)\OSS_Microsoft_PSSA\.config\tsaoptions.json | ||
| pool: | ||
| type: windows | ||
| steps: | ||
| - checkout: self | ||
| - checkout: ComplianceRepo | ||
|
|
||
| - pwsh: | | ||
| if (-not (Test-Path $(repoRoot)/.config/tsaoptions.json)) { | ||
| Get-ChildItem $(Build.SourcesDirectory) -recurse -ErrorAction SilentlyContinue | ||
| throw "tsaoptions.json does not exist under $(Build.SourcesDirectory)/OSS_Microsoft_PSSA/.config" | ||
| } | ||
| displayName: Test if tsaoptions.json exists | ||
| #- pwsh: | | ||
| # New-Item -ItemType Directory -Path $(Build.SourcesDirectory)/.config -Force -Verbose | ||
| # Copy-Item '$(Build.SourcesDirectory)/OSS_Microsoft_PSSA/.config/tsaoptions.json' '$(Build.SourcesDirectory)/.config/tsaoptions.json' -Force -Verbose | ||
| # displayName: Copy tsaoptions | ||
|
|
||
| - pwsh: | | ||
| Set-Location "$(Build.SourcesDirectory)/OSS_Microsoft_PSSA" | ||
| try { ./build.ps1 -Configuration Release -All } catch { throw $_ } | ||
| displayName: Execute build | ||
| - pwsh: | | ||
| $signSrcPath = "$(Build.SourcesDirectory)/OSS_Microsoft_PSSA/out" | ||
| # Set signing src path variable | ||
| $vstsCommandString = "vso[task.setvariable variable=signSrcPath]${signSrcPath}" | ||
| Write-Host "sending $vstsCommandString" | ||
| Write-Host "##$vstsCommandString" | ||
| $signOutStep1 = "$(Build.SourcesDirectory)/OSS_Microsoft_PSSA/Step1" | ||
| $null = New-Item -ItemType Directory -Path $signOutStep1 | ||
| # Set signing out path variable | ||
| $vstsCommandString = "vso[task.setvariable variable=signOutStep1]${signOutStep1}" | ||
| Write-Host "sending $vstsCommandString" | ||
| Write-Host "##$vstsCommandString" | ||
| $signOutPath = "$(Build.SourcesDirectory)/OSS_Microsoft_PSSA/signed" | ||
| $null = New-Item -ItemType Directory -Path $signOutPath | ||
| # Set signing out path variable | ||
| $vstsCommandString = "vso[task.setvariable variable=signOutPath]${signOutPath}" | ||
| Write-Host "sending $vstsCommandString" | ||
| Write-Host "##$vstsCommandString" | ||
| # Set path variable for guardian codesign validation | ||
| $vstsCommandString = "vso[task.setvariable variable=GDN_CODESIGN_TARGETDIRECTORY]${signOutPath}" | ||
| Write-Host "sending $vstsCommandString" | ||
| Write-Host "##$vstsCommandString" | ||
| # Get version and create a variable | ||
| $moduleData = Import-PowerShellDataFile "$(Build.SourcesDirectory)/OSS_Microsoft_PSSA/Engine/PSScriptAnalyzer.psd1" | ||
| $moduleVersion = $moduleData.ModuleVersion | ||
| $vstsCommandString = "vso[task.setvariable variable=moduleVersion]${moduleVersion}" | ||
| Write-Host "sending $vstsCommandString" | ||
| Write-Host "##$vstsCommandString" | ||
| displayName: Setup variables for signing | ||
| - template: EsrpSign.yml@ComplianceRepo | ||
| parameters: | ||
| buildOutputPath: $(signSrcPath) | ||
| signOutputPath: $(signOutStep1) | ||
| certificateId: "CP-230012" | ||
| useMinimatch: true | ||
| pattern: | | ||
| **\*.psd1 | ||
| **\*.psm1 | ||
| **\*.ps1xml | ||
| **\Microsoft*.dll | ||
| - template: EsrpSign.yml@ComplianceRepo | ||
| parameters: | ||
| buildOutputPath: $(signOutStep1) | ||
| signOutputPath: $(signOutPath) | ||
| certificateId: "CP-231522" | ||
| useMinimatch: true | ||
| pattern: | | ||
| **/Pluralize*.dll | ||
| **/Newtonsoft*.dll | ||
| - template: Sbom.yml@ComplianceRepo | ||
| parameters: | ||
| BuildDropPath: $(signOutPath) | ||
| Build_Repository_Uri: 'https://github.com/powershell/PSScriptAnalyzer' | ||
|
|
||
| - pwsh: | | ||
| Set-Location "$(Build.SourcesDirectory)/OSS_Microsoft_PSSA" | ||
| ./build -BuildNupkg -CopyManifest -signed | ||
| displayName: Create nupkg for publishing | ||
| - task: CopyFiles@2 | ||
| displayName: "Copy Files for 'publish build directory' publish task" | ||
| inputs: | ||
| SourceFolder: "$(Build.SourcesDirectory)/OSS_Microsoft_PSSA" | ||
| Contents: '**' | ||
| TargetFolder: $(Build.ArtifactStagingDirectory)/ONEBRANCH_ARTIFACT/build | ||
|
|
||
| - task: CopyFiles@2 | ||
| displayName: "Copy Files for 'Publish module nupkg' publish task" | ||
| inputs: | ||
| Contents: "$(signOutPath)/PSScriptAnalyzer.$(moduleVersion).nupkg" | ||
| TargetFolder: $(Build.ArtifactStagingDirectory)/ONEBRANCH_ARTIFACT/nupkg |