-
Notifications
You must be signed in to change notification settings - Fork 223
/
azure-pipelines-publishing.yml
142 lines (127 loc) · 4.98 KB
/
azure-pipelines-publishing.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
name: $(TeamProject)_$(BuildDefinitionName)_$(SourceBranchName)_$(Date:yyyyMMdd)$(Rev:.r)
# No trigger for publishing
trigger: none
# No pull request triggers for publishing
pr: none
resources:
repositories:
- repository: self
type: git
ref: refs/heads/master
- repository: 1ESPipelineTemplates
type: git
name: 1ESPipelineTemplates/1ESPipelineTemplates
ref: refs/tags/release
variables:
- name: __NugetSecurityAnalysisWarningLevel__
value: none
- name: runCodesignValidationInjection
value: false
extends:
template: v1/1ES.Official.PipelineTemplate.yml@1ESPipelineTemplates
parameters:
pool:
name: MSSecurity-1ES-Build-Agents-Pool
image: MSSecurity-1ES-Windows-2019
os: windows
customBuildTags:
- ES365AIMigrationTooling
stages:
- stage: build
jobs:
- job: Release
timeoutInMinutes: 60
variables:
buildPlatform: 'Any CPU'
buildConfiguration: 'Release'
skipComponentGovernanceDetection: true
odataSamplesDir: '$(Build.SourcesDirectory)'
odataSamplesServicesDir: '$(odataSamplesDir)\Services'
odataSamplesToolsDir: '$(odataSamplesDir)\tools'
odataSamplesServicesSln: '$(odataSamplesServicesDir)\Services.OData.Org.sln'
odataWebV2BinPath: '$(odataSamplesServicesDir)\ODataWeb\bin'
odataWebV3BinPath: '$(odataSamplesServicesDir)\ODataWebV3\bin'
odataWebV4BinPath: '$(odataSamplesServicesDir)\ODataWebV4\bin'
adventureWorksV3BinPath: '$(odataSamplesServicesDir)\Microsoft.Samples.SqlServer.AdventureWorksService\bin'
templateContext:
outputs:
- output: pipelineArtifact
targetPath: $(Build.ArtifactStagingDirectory)
artifactName: 'drop'
steps:
- task: NuGetToolInstaller@1
displayName: 'Install NuGet >=5.2.0 tool'
inputs:
versionSpec: '>=5.2.0'
checkLatest: true
- task: NuGetCommand@2
displayName: 'Restore NuGet packages'
inputs:
command: 'restore'
restoreSolution: '$(odataSamplesServicesSln)'
- task: VSBuild@1
displayName: 'Build Services.OData.Org solution'
inputs:
solution: '$(odataSamplesServicesSln)'
msbuildArgs: '/p:DeployOnBuild=true /p:WebPublishMethod=Package /p:SkipInvalidConfigurations=true /p:PackageLocation=$(Build.ArtifactStagingDirectory)'
platform: '$(buildPlatform)'
configuration: '$(buildConfiguration)'
- task: securedevelopmentteam.vss-secure-development-tools.build-task-credscan.CredScan@3
displayName: 'Run CredScan - Services'
inputs:
scanFolder: '$(odataSamplesServicesDir)'
debugMode: false
- task: securedevelopmentteam.vss-secure-development-tools.build-task-credscan.CredScan@3
displayName: 'Run CredScan - Tools'
inputs:
scanFolder: '$(odataSamplesToolsDir)'
debugMode: false
- task: BinSkim@3
displayName: 'Run BinSkim - OData Samples V2'
inputs:
InputType: Basic
AnalyzeTarget: |
$(odataWebV2BinPath)\**\ODataWeb.dll;$(odataWebV2BinPath)\**\DataServiceProvider.dll
AnalyzeVerbose: true
AnalyzeHashes: true
AnalyzeEnvironment: true
- task: BinSkim@3
displayName: 'Run BinSkim - OData Samples V3'
inputs:
InputType: Basic
AnalyzeTarget: |
$(odataWebV3BinPath)\**\ODataWebV3.dll;$(odataWebV2BinPath)\**\DataServiceProviderV3.dll
AnalyzeVerbose: true
AnalyzeHashes: true
AnalyzeEnvironment: true
- task: BinSkim@3
displayName: 'Run BinSkim - OData Samples V3 AdventureWorks'
inputs:
InputType: Basic
AnalyzeTarget: |
$(adventureWorksV3BinPath)\**\Microsoft.Samples.SqlServer.AdventureWorksService.dll
AnalyzeVerbose: true
AnalyzeHashes: true
AnalyzeEnvironment: true
- task: BinSkim@3
displayName: 'Run BinSkim - OData Samples V4'
inputs:
InputType: Basic
AnalyzeTarget: |
$(odataWebV4BinPath)\**\ODataWebV4.dll;$(odataWebV4BinPath)\**\ODataServiceProviderV4.dll;$(odataWebV4BinPath)\**\Microsoft.OData.Service.Ef6.dll;$(odataWebV4BinPath)\**\Microsoft.OData.Service.dll
AnalyzeVerbose: true
AnalyzeHashes: true
AnalyzeEnvironment: true
- task: PublishSecurityAnalysisLogs@2
displayName: 'Publish Security Analysis Logs'
inputs:
ArtifactName: SecurityLogs
- task: PostAnalysis@2
displayName: 'Post Analysis'
inputs:
BinSkim: true
CredScan: true
PoliCheck: true
PoliCheckBreakOn: Severity2Above
enabled: true
continueOnError: true