
Commit587d433

authored
Enable CodeQl3000 (#365)
* Add CodeQL pipeline* Fixup* Fix image* myget feeds* Fix nuget.config* Fix build invocation* fix nuget.config* Fix build steps* Spacing* Remove .DS_Store files
1 parent871710e commit587d433

32 files changed

+2297
-3
lines changed

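--- a/.codeql.yml
+++ b/.codeql.yml
@@ -0,0 +1,66 @@
+parameters:
+# Optionally do not publish to TSA. Useful for e.g. verifying fixes before PR.
+-name:TSAEnabled
+displayName:Publish results to TSA
+type:boolean
+default:true
+
+variables:
+-template:eng/common/templates/variables/pool-providers.yml
+# CG is handled in the primary CI pipeline
+-name:skipComponentGovernanceDetection
+value:true
+# Force CodeQL enabled so it may be run on any branch
+-name:Codeql.Enabled
+value:true
+# Do not let CodeQL 3000 Extension gate scan frequency
+-name:Codeql.Cadence
+value:0
+-name:Codeql.SourceRoot
+value:src
+# CodeQL needs this plumbed along as a variable to enable TSA
+-name:Codeql.TSAEnabled
+value:${{ parameters.TSAEnabled }}
+# Default expects tsaoptions.json under SourceRoot.
+-name:Codeql.TSAOptionsPath
+value:'$(Build.SourcesDirectory)/.config/tsaoptions.json'
+
+# Build variables
+-name:_BuildConfig
+value:Release
+
+trigger:none
+
+schedules:
+-cron:0 12 * * 1
+displayName:Weekly Monday CodeQL run
+branches:
+include:
+-main
+always:true
+
+jobs:
+-job:codeql
+displayName:CodeQL
+pool:
+name:NetCore1ESPool-Internal
+demands:ImageOverride -equals windows.vs2017.amd64
+timeoutInMinutes:90
+
+steps:
+
+-task:UseDotNet@2
+inputs:
+useGlobalJson:true
+
+-task:CodeQL3000Init@0
+displayName:CodeQL Initialize
+
+-script:.\build.cmd EnableSkipStrongNames
+displayName:Windows Build - EnableSkipStrongNames
+
+-script:.\build.cmd
+displayName:Windows Build
+
+-task:CodeQL3000Finalize@0
+displayName:CodeQL Finalize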
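Review bot: `trigger:none` turns off CI triggers only, and the file has no `pr:` key. If this definition is ever bound to a repository where YAML PR triggers apply (a GitHub-hosted repo, for example), pull-request validation would be enabled by default and would run `build.cmd` from the PR branch on `NetCore1ESPool-Internal`, with TSA publishing on because `TSAEnabled` defaults to true. Adding `pr: none` next to the trigger makes the scheduled-and-manual-only intent explicit and keeps unreviewed code off the internal pool. Whether the pipeline currently runs against an internal mirror, where this key has no effect, is not visible on this page.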

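--- a/.config/tsaoptions.json
+++ b/.config/tsaoptions.json
@@ -0,0 +1,12 @@
+{
+"areaPath":"DevDiv\\ASP.NET Core",
+"codebaseName":"AspNetWebStack",
+"instanceUrl":"https://devdiv.visualstudio.com/",
+"iterationPath":"DevDiv",
+"notificationAliases": [
+"aspnetcore-build@microsoft.com"
+],
+"projectName":"DEVDIV",
+"repositoryName":"AspNetWebStack",
+"template":"TFSDEVDIV"
+}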

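--- a/.nuget/NuGet.Config
+++ b/.nuget/NuGet.Config
@@ -4,8 +4,8 @@
 <addkey="disableSourceControlIntegration"value="true" />
 </solution>
 <packageSources>
-<addkey="nuget.org"value="https://www.nuget.org/api/v2/" />
-<addkey="buildTools"value="https://www.myget.org/F/30de4ee06dd54956a82013fa17a3accb/" />
-<addkey="externalComponentDependencies"value="https://www.myget.org/F/02a8fd0d231848d2ae32cd901e273000" />
+<clear />
+<addkey="dotnet-public"value="https://pkgs.dev.azure.com/dnceng/public/_packaging/dotnet-public/nuget/v3/index.json" />
+<addkey="myget-legacy"value="https://pkgs.dev.azure.com/dnceng/public/_packaging/myget-legacy/nuget/v3/index.json" />
 </packageSources>
 </configuration>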
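Review bot: After `<clear />` the feeds `dotnet-public` and `myget-legacy` are still searched together, and nothing in the hunk says which feed may supply which package ID. A package ID that exists in both feeds can then be restored from either one, which is the condition dependency-confusion substitutions rely on. If the NuGet client used by this build supports it (6.0 or later), a `<packageSourceMapping>` section that routes `*` to `dotnet-public` and only the known legacy IDs to `myget-legacy` would pin each package to one source. Otherwise a comment above the `myget-legacy` line listing the packages that still need it would at least bound the exposure. The `<configuration>` element opens above the hunk, so any mapping that already exists there is not visible.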
Lines changed: 134 additions & 0 deletions
@@ -0,0 +1,134 @@
1+
parameters:
2+
enable:'false'# Whether the SDL validation job should execute or not
3+
overrideParameters:''# Optional: to override values for parameters.
4+
additionalParameters:''# Optional: parameters that need user specific values eg: '-SourceToolsList @("abc","def") -ArtifactToolsList @("ghi","jkl")'
5+
# Optional: if specified, restore and use this version of Guardian instead of the default.
6+
overrideGuardianVersion:''
7+
# Optional: if true, publish the '.gdn' folder as a pipeline artifact. This can help with in-depth
8+
# diagnosis of problems with specific tool configurations.
9+
publishGuardianDirectoryToPipeline:false
10+
# The script to run to execute all SDL tools. Use this if you want to use a script to define SDL
11+
# parameters rather than relying on YAML. It may be better to use a local script, because you can
12+
# reproduce results locally without piecing together a command based on the YAML.
13+
executeAllSdlToolsScript:'eng/common/sdl/execute-all-sdl-tools.ps1'
14+
# There is some sort of bug (has been reported) in Azure DevOps where if this parameter is named
15+
# 'continueOnError', the parameter value is not correctly picked up.
16+
# This can also be remedied by the caller (post-build.yml) if it does not use a nested parameter
17+
sdlContinueOnError:false# optional: determines whether to continue the build if the step errors;
18+
# optional: determines if build artifacts should be downloaded.
19+
downloadArtifacts:true
20+
# optional: determines if this job should search the directory of downloaded artifacts for
21+
# 'tar.gz' and 'zip' archive files and extract them before running SDL validation tasks.
22+
extractArchiveArtifacts:false
23+
dependsOn:''# Optional: dependencies of the job
24+
artifactNames:''# Optional: patterns supplied to DownloadBuildArtifacts
25+
# Usage:
26+
# artifactNames:
27+
# - 'BlobArtifacts'
28+
# - 'Artifacts_Windows_NT_Release'
29+
# Optional: download a list of pipeline artifacts. 'downloadArtifacts' controls build artifacts,
30+
# not pipeline artifacts, so doesn't affect the use of this parameter.
31+
pipelineArtifactNames:[]
32+
33+
jobs:
34+
-job:Run_SDL
35+
dependsOn:${{ parameters.dependsOn }}
36+
displayName:Run SDL tool
37+
condition:and(succeededOrFailed(), eq( ${{ parameters.enable }}, 'true'))
38+
variables:
39+
-group:DotNet-VSTS-Bot
40+
-name:AzDOProjectName
41+
value:${{ parameters.AzDOProjectName }}
42+
-name:AzDOPipelineId
43+
value:${{ parameters.AzDOPipelineId }}
44+
-name:AzDOBuildId
45+
value:${{ parameters.AzDOBuildId }}
46+
-template:/eng/common/templates/variables/sdl-variables.yml
47+
-name:GuardianVersion
48+
value:${{ coalesce(parameters.overrideGuardianVersion, '$(DefaultGuardianVersion)') }}
49+
-template:/eng/common/templates/variables/pool-providers.yml
50+
pool:
51+
# We don't use the collection uri here because it might vary (.visualstudio.com vs. dev.azure.com)
52+
${{ if eq(variables['System.TeamProject'], 'DevDiv') }}:
53+
name:VSEngSS-MicroBuild2022-1ES
54+
demands:Cmd
55+
# If it's not devdiv, it's dnceng
56+
${{ if ne(variables['System.TeamProject'], 'DevDiv') }}:
57+
name:$(DncEngInternalBuildPool)
58+
demands:ImageOverride -equals windows.vs2019.amd64
59+
steps:
60+
-checkout:self
61+
clean:true
62+
63+
# If the template caller didn't provide an AzDO parameter, set them all up as Maestro vars.
64+
-${{ if not(and(parameters.AzDOProjectName, parameters.AzDOPipelineId, parameters.AzDOBuildId)) }}:
65+
-template:/eng/common/templates/post-build/setup-maestro-vars.yml
66+
67+
-${{ if ne(parameters.downloadArtifacts, 'false')}}:
68+
-${{ if ne(parameters.artifactNames, '') }}:
69+
-${{ each artifactName in parameters.artifactNames }}:
70+
-task:DownloadBuildArtifacts@0
71+
displayName:Download Build Artifacts
72+
inputs:
73+
buildType:specific
74+
buildVersionToDownload:specific
75+
project:$(AzDOProjectName)
76+
pipeline:$(AzDOPipelineId)
77+
buildId:$(AzDOBuildId)
78+
artifactName:${{ artifactName }}
79+
downloadPath:$(Build.ArtifactStagingDirectory)\artifacts
80+
checkDownloadedFiles:true
81+
-${{ if eq(parameters.artifactNames, '') }}:
82+
-task:DownloadBuildArtifacts@0
83+
displayName:Download Build Artifacts
84+
inputs:
85+
buildType:specific
86+
buildVersionToDownload:specific
87+
project:$(AzDOProjectName)
88+
pipeline:$(AzDOPipelineId)
89+
buildId:$(AzDOBuildId)
90+
downloadType:specific files
91+
itemPattern:"**"
92+
downloadPath:$(Build.ArtifactStagingDirectory)\artifacts
93+
checkDownloadedFiles:true
94+
95+
-${{ each artifactName in parameters.pipelineArtifactNames }}:
96+
-task:DownloadPipelineArtifact@2
97+
displayName:Download Pipeline Artifacts
98+
inputs:
99+
buildType:specific
100+
buildVersionToDownload:specific
101+
project:$(AzDOProjectName)
102+
pipeline:$(AzDOPipelineId)
103+
buildId:$(AzDOBuildId)
104+
artifactName:${{ artifactName }}
105+
downloadPath:$(Build.ArtifactStagingDirectory)\artifacts
106+
checkDownloadedFiles:true
107+
108+
-powershell:eng/common/sdl/extract-artifact-packages.ps1
109+
-InputPath $(Build.ArtifactStagingDirectory)\artifacts\BlobArtifacts
110+
-ExtractPath $(Build.ArtifactStagingDirectory)\artifacts\BlobArtifacts
111+
displayName:Extract Blob Artifacts
112+
continueOnError:${{ parameters.sdlContinueOnError }}
113+
114+
-powershell:eng/common/sdl/extract-artifact-packages.ps1
115+
-InputPath $(Build.ArtifactStagingDirectory)\artifacts\PackageArtifacts
116+
-ExtractPath $(Build.ArtifactStagingDirectory)\artifacts\PackageArtifacts
117+
displayName:Extract Package Artifacts
118+
continueOnError:${{ parameters.sdlContinueOnError }}
119+
120+
-${{ if ne(parameters.extractArchiveArtifacts, 'false') }}:
121+
-powershell:eng/common/sdl/extract-artifact-archives.ps1
122+
-InputPath $(Build.ArtifactStagingDirectory)\artifacts
123+
-ExtractPath $(Build.ArtifactStagingDirectory)\artifacts
124+
displayName:Extract Archive Artifacts
125+
continueOnError:${{ parameters.sdlContinueOnError }}
126+
127+
-template:/eng/common/templates/steps/execute-sdl.yml
128+
parameters:
129+
overrideGuardianVersion:${{ parameters.overrideGuardianVersion }}
130+
executeAllSdlToolsScript:${{ parameters.executeAllSdlToolsScript }}
131+
overrideParameters:${{ parameters.overrideParameters }}
132+
additionalParameters:${{ parameters.additionalParameters }}
133+
publishGuardianDirectoryToPipeline:${{ parameters.publishGuardianDirectoryToPipeline }}
134+
sdlContinueOnError:${{ parameters.sdlContinueOnError }}
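Review bot: The `parameters:` block at the top documents every option except `AzDOProjectName`, `AzDOPipelineId` and `AzDOBuildId`, yet the job's `variables:` list and the `not(and(...))` guard in front of `setup-maestro-vars.yml` read all three. Those values decide which build's artifacts are downloaded and scanned, and a caller that passes only one or two of them still falls into the Maestro setup, whose effect on the supplied values is not visible in this file. I would declare them with the other parameters, e.g. `AzDOProjectName: ''  # Optional: with AzDOPipelineId and AzDOBuildId selects the build to scan; pass all three or none`, and the same for the other two. The file's path is missing from this page, so if it is synced from a shared template source the change belongs upstream.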
