From bbcb5dbf5171a8e40b392d738f227868dccd398a Mon Sep 17 00:00:00 2001
From: Gerald Versluis
Date: Wed, 6 Mar 2024 17:20:39 +0100
Subject: [PATCH] Add APIScan (#15872)
* Add API Scan
* Update xf-release.yml
* Add APIScan artifact
* Update build-windows.yml
* Update xf-release.yml
* Revert "Update xf-release.yml" This reverts commit 5de7c803a18beeca2b41c9f0786020307d573c7f.
---
 build/automation/tsaoptions-v2.json | 11 +++++++++++
 build/steps/build-windows.yml | 24 +++++++++++++++++++++++-
 eng/xf-release.yml | 19 ++++++++++++++++++-
 3 files changed, 52 insertions(+), 2 deletions(-)
 create mode 100644 build/automation/tsaoptions-v2.json
diff --git a/build/automation/tsaoptions-v2.json b/build/automation/tsaoptions-v2.json
new file mode 100644
index 00000000000..9089e7028e4
--- /dev/null
+++ b/build/automation/tsaoptions-v2.json
@@ -0,0 +1,11 @@
+{
+ "codebaseName": "xamarin.forms_main",
+ "notificationAliases": [
+ "dotnet-maui-eng@microsoft.com"
+ ],
+ "instanceUrl": "https://devdiv.visualstudio.com/",
+ "projectName": "DevDiv",
+ "areaPath": "DevDiv\\VS Client - Runtime SDKs\\Xamarin Forms",
+ "iterationPath": "DevDiv",
+ "allTools": true
+ }
\ No newline at end of file
diff --git a/build/steps/build-windows.yml b/build/steps/build-windows.yml
index ecb8fd09704..6fb02113b0c 100644
--- a/build/steps/build-windows.yml
+++ b/build/steps/build-windows.yml
@@ -8,7 +8,7 @@ parameters:
 runTests: 'true'
 artifact: 'nuget'
 artifactBinaries: 'win_build'
- artifactDocs: 'pack-docs'
+ artifactApiscan: 'apiscan'
 publishArtifacts: true
 steps:
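Review bot: The `artifactDocs` parameter is replaced by `artifactApiscan` in the `@@ -8,7 +8,7 @@` hunk rather than kept alongside it, so any step further down build-windows.yml, or any caller, that still refers to `artifactDocs` loses its value. Neither is visible in this hunk, so that is worth checking before merge. The same applies to `docsArtifact` in the `PackPlatform` default in eng/xf-release.yml (the `@@ -29,7 +29,7 @@` hunk). If the docs artifact is intentionally no longer produced, a line in the commit message saying so would explain why a compliance-scanning change removes it.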
@@ -226,6 +226,28 @@ steps:
 CleanTargetFolder: false
 flattenFolders: false
+ - task: CopyFiles@2
+ displayName: 'Copy releasable binaries for compliance scanning'
+ condition: eq(variables['BuildConfiguration'], 'Release')
+ inputs:
+ Contents: |
+ **/bin/Release/**/Xamarin.Forms.*.dll
+ **/bin/Release/**/FormsViewGroup.dll
+ !**/bin/Release/**/*.UnitTests.dll
+ !**/bin/Release/**/*.ControlGallery.*.dll
+ !**/bin/Release/**/Xamarin.Forms.Controls.dll
+ TargetFolder: '$(build.artifactstagingdirectory)/${{ parameters.artifactApiscan }}'
+ CleanTargetFolder: true
+ flattenFolders: true
+
+ - ${{ if eq(parameters.publishArtifacts, 'true') }}:
+ - task: PublishBuildArtifacts@1
+ displayName: 'Publish Releasable Binaries for compliance scanning'
+ condition: eq(variables['BuildConfiguration'], 'Release')
+ inputs:
+ PathtoPublish: '$(build.artifactstagingdirectory)/${{ parameters.artifactApiscan }}'
+ ArtifactName: ${{ parameters.artifactApiscan }}
+
 - ${{ if eq(parameters.publishArtifacts, 'true') }}:
 - task: PublishBuildArtifacts@1
 displayName: 'Publish Artifact: ${{ parameters.artifactBinaries }}'
diff --git a/eng/xf-release.yml b/eng/xf-release.yml
index 5220ce2c68b..a22ae679adf 100644
--- a/eng/xf-release.yml
+++ b/eng/xf-release.yml
@@ -29,7 +29,7 @@ parameters:
 name: Windows
 artifact: nuget
 binariesArtifact: win_build
- docsArtifact: xml-docs
+ apiscanArtifact: apiscan
 - name: Skip1ESComplianceTasks
 default: false
@@ -109,6 +109,10 @@ extends:
 displayName: 'Publish the ${{ parameters.PackPlatform.binariesArtifact }} artifacts'
 artifactName: ${{ parameters.PackPlatform.binariesArtifact }}
 targetPath: '$(Build.ArtifactStagingDirectory)'
+ - output: pipelineArtifact
+ displayName: 'Publish the ${{ parameters.PackPlatform.apiscanArtifact }} artifacts'
+ artifactName: ${{ parameters.PackPlatform.apiscanArtifact }}
+ targetPath: '$(Build.ArtifactStagingDirectory)/${{ parameters.PackPlatform.apiscanArtifact }}'
 variables:
 BuildConfiguration: Release
 steps:
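Review bot: `flattenFolders: true` in the new CopyFiles step (`@@ -226,6 +226,28 @@` hunk) collapses every target-framework and platform output matched by `**/bin/Release/**/Xamarin.Forms.*.dll` into one directory. When the same assembly name is built more than once, only one copy can land in the scan folder and the others are never scanned. Because this folder defines what compliance scanning covers, `flattenFolders: false`, or a pattern narrowed to the output folders that are actually packaged, would keep the scanned set aligned with the shipped set. A short comment above `Contents:` stating why the three `!` exclusions are safe to skip (presumably test and gallery assemblies that are not shipped) would also help whoever edits the list next.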
@@ -122,6 +126,7 @@ extends:
 artifact: ${{ parameters.PackPlatform.artifact }}
 artifactBinaries: ${{ parameters.PackPlatform.binariesArtifact }}
 artifactsTargetFolder: '$(Build.ArtifactStagingDirectory)'
+ artifactApiscan: '${{ parameters.PackPlatform.apiscanArtifact }}'
 - job: nuget_pack_hosted
 workspace:
@@ -151,6 +156,18 @@ extends:
 binariesArtifact: ${{ parameters.PackPlatform.binariesArtifact }}
 artifactsTargetFolder: '$(build.artifactstagingdirectory)/${{ parameters.PackPlatform.artifact }}'
+ - template: security/apiscan/v0.yml@xamarin-templates
+ parameters:
+ windowsPoolName: ${{ parameters.VM_IMAGE_HOST.name }}
+ windowsImageOverride: ${{ parameters.VM_IMAGE_HOST.image }}
+ stageDependsOn: 'windows'
+ timeoutInMinutes: 600
+ scanArtifacts: [ '${{ parameters.PackPlatform.artifact }}', '${{ parameters.PackPlatform.apiscanArtifact }}' ]
+ sourceGdnSuppressionFile: '$(Build.SourcesDirectory)\build\automation\guardian\source.gdnsuppress'
+ tsaConfigFile: '$(Build.SourcesDirectory)\build\automation\tsaoptions-v2.json'
+ apiScanSoftwareName: 'Xamarin.Forms'
+ apiScanSoftwareVersionNum: '5.0.0'
+
 - stage: nuget_signing
 dependsOn: windows
 displayName: Sign Nuget
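Review bot: `apiScanSoftwareVersionNum: '5.0.0'` in the `@@ -151,6 +156,18 @@` hunk is a fixed literal, so every scan is recorded under that version whatever the pipeline is actually building. Taking the value from the pipeline's own version setting, or at least adding a comment such as `# keep in sync with the shipped package version`, would keep findings attributable to the right release. The `sourceGdnSuppressionFile` path `build\automation\guardian\source.gdnsuppress` is not among the three files this patch touches, so it is worth confirming that the file already exists and that its entries have been reviewed, since suppressions mute findings. The `xamarin-templates` repository reference is declared outside this hunk; if it is not pinned to a tag or commit there, the scan logic can change without any change in this repository.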