[ApiScan] Store log files and error on issues.

jpobst · jpobst · commit cb2eb58ec15b · 2024-01-04T07:55:15.000-10:00
diff --git a/build/ci/api-scan.yml b/build/ci/api-scan.yml
@@ -14,15 +14,24 @@ steps:
     TargetFolder: ${{ parameters.apiScanDirectory }}
     OverWrite: true
     flattenFolders: true
-  condition: and(succeeded(), eq(variables['runAPIScan'], 'true'), eq('refs/heads/${{ parameters.mainBranchName }}', variables['Build.SourceBranch']))
+  condition: and(succeeded(), eq(variables['runAPIScan'], 'true'), ne('refs/heads/${{ parameters.mainBranchName }}', variables['Build.SourceBranch']))
+ 
+- task: CmdLine@2
+  displayName: 'Remove System assemblies from APIScan'
+  inputs:
+    script: |
+      del ${{ parameters.apiScanDirectory }}\System.*
+      del ${{ parameters.apiScanDirectory }}\mscorlib.dll
+      del ${{ parameters.apiScanDirectory }}\netstandard.dll
+  condition: and(succeeded(), eq(variables['runAPIScan'], 'true'), ne('refs/heads/${{ parameters.mainBranchName }}', variables['Build.SourceBranch']))
 
 - task: CmdLine@2
   displayName: 'List Files for APIScan'
   inputs:
     script: |
       tree ${{ parameters.apiScanDirectory }} /f        
-  condition: and(succeeded(), eq(variables['runAPIScan'], 'true'), eq('refs/heads/${{ parameters.mainBranchName }}', variables['Build.SourceBranch']))
-        
+  condition: and(succeeded(), eq(variables['runAPIScan'], 'true'), ne('refs/heads/${{ parameters.mainBranchName }}', variables['Build.SourceBranch']))
+       
  ### Run latest version of APIScan listed at https://www.1eswiki.com/wiki/APIScan_Build_Task
 - task: APIScan@2
   displayName: Run APIScan
@@ -32,6 +41,31 @@ steps:
     softwareVersionNum: '$(Build.BuildId)'
     isLargeApp: true
     toolVersion: Latest
-  condition: and(succeeded(), eq(variables['runAPIScan'], 'true'), eq('refs/heads/${{ parameters.mainBranchName }}', variables['Build.SourceBranch']))
+  condition: and(succeeded(), eq(variables['runAPIScan'], 'true'), ne('refs/heads/${{ parameters.mainBranchName }}', variables['Build.SourceBranch']))
   env:
     AzureServicesAuthConnectionString: runAs=App;AppId=$(ApiScanClientId);TenantId=$(ApiScanTenant);AppKey=$(ApiScanSecret)
+
+- task: SdtReport@2
+  displayName: Guardian Export - Security Report
+  inputs:
+    GdnExportAllTools: false
+    GdnExportGdnToolApiScan: true
+    GdnExportOutputSuppressionFile: source.gdnsuppress
+  condition: and(eq(variables['runAPIScan'], 'true'), ne('refs/heads/${{ parameters.mainBranchName }}', variables['Build.SourceBranch']))
+
+- task: PublishSecurityAnalysisLogs@3
+  displayName: Publish Guardian Artifacts
+  inputs:
+    ArtifactName: APIScan Logs
+    ArtifactType: Container
+    AllTools: false
+    APIScan: true
+    ToolLogsNotFoundAction: Warning
+  condition: and(eq(variables['runAPIScan'], 'true'), ne('refs/heads/${{ parameters.mainBranchName }}', variables['Build.SourceBranch']))
+
+- task: PostAnalysis@2
+  displayName: Fail Build on Guardian Issues
+  inputs:
+    GdnBreakAllTools: false
+    GdnBreakGdnToolApiScan: true
+  condition: and(eq(variables['runAPIScan'], 'true'), ne('refs/heads/${{ parameters.mainBranchName }}', variables['Build.SourceBranch']))
