From 7400f082165651833ac8d14329774ca29dc4aa1d Mon Sep 17 00:00:00 2001
From: Todd Lair
Date: Mon, 5 Feb 2024 13:44:25 -0600
Subject: [PATCH 1/3] Trying to fix Veracode SCA scans
---
 azure-pipelines.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/azure-pipelines.yml b/azure-pipelines.yml
index be91e43..c9cdeb5 100644
--- a/azure-pipelines.yml
+++ b/azure-pipelines.yml
@@ -43,7 +43,7 @@ steps:
 inputs:
 targetType: inline
 script: >
- $Env:SRCCLR_API_TOKEN="$(SRCCLR_API_TOKEN)"; Set-ExecutionPolicy AllSigned -Scope Process -Force; iex ((New-Object System.Net.WebClient).DownloadString('https://download.sourceclear.com/ci.ps1')); srcclr scan .\Src\StackifyLib;
+ $Env:SRCCLR_API_TOKEN="$(SRCCLR_API_TOKEN)"; Set-ExecutionPolicy AllSigned -Scope Process -Force; iex ((New-Object System.Net.WebClient).DownloadString('https://download.srcclr.com/ci.ps1')); srcclr scan .\Src\StackifyLib;
 - task: DownloadSecureFile@1
 name: SNK
 displayName: Download Strong Name Key
From 73ca411c82ef2eab1b711d34c3888b759c30dda9 Mon Sep 17 00:00:00 2001
From: Todd Lair
Date: Mon, 5 Feb 2024 14:01:00 -0600
Subject: [PATCH 2/3] Testing stages for building on different agents
---
 azure-pipelines.yml | 544 ++++++++++++++++++++++++++++++--------------
 1 file changed, 367 insertions(+), 177 deletions(-)
diff --git a/azure-pipelines.yml b/azure-pipelines.yml
index c9cdeb5..86fbb4c 100644
--- a/azure-pipelines.yml
+++ b/azure-pipelines.yml
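Review bot: The script line this hunk edits still feeds the body of `https://download.srcclr.com/ci.ps1` straight into `iex` with no integrity check, and `Set-ExecutionPolicy AllSigned` does not cover it, because execution policy is applied to script files and not to strings handed to `Invoke-Expression`. Whatever that host serves therefore runs in a job that holds `SRCCLR_API_TOKEN` and, in the next step of the same job, downloads the strong-name key. The same line is carried into the new `SCA` job in PATCH 2/3. Suggest comparing the download with a digest recorded when the script was reviewed (or vendoring a reviewed copy in the repository) before executing it, as sketched below; the pin has to be refreshed whenever the vendor updates the script. The task header for this step lies above the hunk.

```yaml
# … unchanged: task header, displayName, condition, targetType …
    script: |
      $Env:SRCCLR_API_TOKEN = "$(SRCCLR_API_TOKEN)"
      Set-ExecutionPolicy AllSigned -Scope Process -Force
      $ci = (New-Object System.Net.WebClient).DownloadString('https://download.srcclr.com/ci.ps1')
      $sha = [System.BitConverter]::ToString([System.Security.Cryptography.SHA256]::Create().ComputeHash([System.Text.Encoding]::UTF8.GetBytes($ci))) -replace '-', ''
      # <PINNED_SHA256> is a placeholder for the digest of the reviewed ci.ps1
      if ($sha -ne '<PINNED_SHA256>') { throw 'ci.ps1 does not match the pinned digest' }
      iex $ci
      srcclr scan .\Src\StackifyLib
```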
@@ -27,180 +27,370 @@ parameters: variables: - group: code-signing -steps: - - checkout: self - clean: true - lfs: true - - task: AzureKeyVault@2 - displayName: 'Azure Key Vault: keyvault-build-resources' - inputs: - ConnectedServiceName: 514ed7d6-3846-4422-8013-af27483dd22c - KeyVaultName: keyvault-build-resources - RunAsPreJob: true - - task: PowerShell@2 - displayName: 'Veracode SCA Scan' - condition: and(succeeded(), eq('${{ parameters.RUN_VERACODE_SCA }}', 'true')) - inputs: - targetType: inline - script: > - $Env:SRCCLR_API_TOKEN="$(SRCCLR_API_TOKEN)"; Set-ExecutionPolicy AllSigned -Scope Process -Force; iex ((New-Object System.Net.WebClient).DownloadString('https://download.srcclr.com/ci.ps1')); srcclr scan .\Src\StackifyLib; - - task: DownloadSecureFile@1 - name: SNK - displayName: Download Strong Name Key - inputs: - secureFile: 9d810a2d-d090-431c-9012-df939a4b1afe - - task: PowerShell@2 - displayName: Move Signing Key To Project Directory - inputs: - targetType: inline - filePath: Src/StackifyLib - script: | - # Write your PowerShell commands here. 
- ls - Move-Item $(SNK.secureFilePath) Src/StackifyLib/Netreo.snk - - task: PowerShell@2 - displayName: Update csproj for .snk - inputs: - targetType: inline - script: > - (Get-Content -path Src\StackifyLib\StackifyLib.csproj -Raw) -replace 'StackifyLib','StackifyLib.signed' | Set-Content -Path Src\StackifyLib\StackifyLib.csproj -Encoding utf8 - - # note: the signing attribute here is commented out so we can build locally - - powershell: | - $filename = Get-ChildItem ".\src\*\AssemblyInfo.cs" -Recurse - $filename | %{ - (gc $_) -replace ([regex]::Escape("//[assembly: AssemblyKeyFile")), "[assembly: AssemblyKeyFile" | Set-Content $_.FullName -Encoding utf8 - } - displayName: Uncoment signing attribute - - - task: DotNetCoreCLI@2 - displayName: dotnet restore - inputs: - command: restore - restoreArguments: .\Src - - task: DotNetCoreCLI@2 - displayName: dotnet build - inputs: - projects: | - Src\StackifyLib\*.csproj - Src\StackifyLib.AspNetCore\*.csproj - Src\StackifyLib.CoreLogger\*.csproj - Src\StackifyLib.log4net\*.csproj - Src\Nlog.Targets.Stackify\*.csproj - Src\NLog.Web.Stackify\*.csproj - Src\StackifyLib.StackifyTraceListener\*.csproj - arguments: '-c $(BuildConfiguration)' - - task: DotNetCoreCLI@2 - displayName: dotnet pack signed stackify lib - inputs: - command: pack - searchPatternPack: Src\StackifyLib\*.csproj; - nobuild: true - - task: DotNetCoreCLI@2 - continueOnError: true - inputs: - command: 'custom' - custom: 'tool' - arguments: 'install --global NuGetKeyVaultSignTool' - displayName: Install NuGetKeyVaultSignTool - - task: CmdLine@2 - displayName: 'Sign nuget package' - inputs: - script: NuGetKeyVaultSignTool sign $(Build.ArtifactStagingDirectory)\StackifyLib.signed.*.nupkg -kvu "$(SigningVaultURL)" -kvi "$(SigningAppClientId)" -kvt "$(SigningAppTenantId)" -kvs "$(SigningClientSecret)" -kvc "$(SigningCertName)" -tr http://timestamp.digicert.com - workingDirectory: $(Build.SourcesDirectory) - - task: PowerShell@2 - displayName: Rename signed 
assemblies - enabled: False - inputs: - targetType: inline - script: "$files = @(Get-ChildItem -Path . -File -Filter *.nupkg)\n\nforeach($file in $files) {\n $BaseFilename = $file.BaseName\n $BaseFilenameSplit = $file.BaseName.Split(\".\")\n $LastVersionDigit = \"\"\n $NewFilenameBase = \"\"\n $PackageVersion = \"\"\n $IsBeta = \"False\"\n if ($BaseFilename.contains(\"beta\")) {\n $IsBeta = \"True\"\n $LastVersionDigit = $file.BaseName.Substring($BaseFilename.length - 6,1)\n }\n else {\n $LastVersionDigit = $file.BaseName.Substring($BaseFilename.length - 1)\n }\n foreach($namePart in $BaseFilenameSplit) {\n if (!$namePart.contains(\"beta\") -and $namePart -notmatch \"^\\d+$\") {\n $NewFilenameBase = $NewFilenameBase + $namePart + \".\"\n } else {\n # check for beta\n if ($namePart.contains(\"beta\")) {\n $PackageVersion = $PackageVersion + $namePart.Substring(0,1)\n } else {\n $PackageVersion = $PackageVersion + $namePart\n }\n # check length to append a .\n if ($namePart -notmatch $LastVersionDigit) {\n $PackageVersion = $PackageVersion + \".\"\n }\n }\n }\n \n # check beta\n $FinalFilenameBase = \"\"\n if ($IsBeta -match \"True\") {\n $FinalFilenameBase = $NewFilenameBase + \"snk.\" + $PackageVersion + \"-beta\"\n } else {\n $FinalFilenameBase = $NewFilenameBase + \"snk.\" + $PackageVersion\n }\n $FinalFilename = $FinalFilenameBase + $file.Extension\n Rename-Item -Path $file -NewName $FinalFilename\n}" - workingDirectory: $(Build.ArtifactStagingDirectory) - - task: PublishPipelineArtifact@1 - displayName: Publish Pipeline Artifact - inputs: - path: $(Build.ArtifactStagingDirectory) - artifactName: Signed NuGet Packages - - task: PowerShell@2 - displayName: Delete signed assemblies - enabled: true - inputs: - targetType: inline - script: > - Remove-Item *.signed*.nupkg - workingDirectory: $(Build.ArtifactStagingDirectory) - - task: PowerShell@2 - displayName: Remove Sign Code - enabled: false - inputs: - targetType: filePath - arguments: '' - filePath: 
Scripts/RemoveSignCode.ps1 - workingDirectory: $(Build.SourcesDirectory) - - task: PowerShell@2 - displayName: Remove Sign Code Inline - inputs: - targetType: 'inline' - script: | - function Remove-SignCode { - param ( - $ASMFile - ) - Set-Content -Path $ASMFile -Value (Get-Content -Path $ASMFile | Select-String -Pattern AssemblyKeyFileAttribute -NotMatch ) - } - - $files = @(Get-ChildItem -Path . -Directory -Filter Stackify*) - - foreach ($file in $files) { - $asmInfo = Get-ChildItem -Path $file/Properties/AssemblyInfo.cs - Remove-SignCode -ASMFile $asmInfo - } - - task: PowerShell@2 - displayName: Update csproj for no .snk - inputs: - targetType: inline - script: > - (Get-Content -path Src\StackifyLib\StackifyLib.csproj -Raw) -replace 'StackifyLib.signed','StackifyLib' | Set-Content -Path Src\StackifyLib\StackifyLib.csproj - - task: DotNetCoreCLI@2 - displayName: dotnet build [Unsigned] - inputs: - projects: | - Src\StackifyLib\*.csproj - Src\StackifyLib.AspNetCore\*.csproj - Src\StackifyLib.CoreLogger\*.csproj - Src\StackifyLib.log4net\*.csproj - Src\Nlog.Targets.Stackify\*.csproj - Src\NLog.Web.Stackify\*.csproj - Src\StackifyLib.StackifyTraceListener\*.csproj - arguments: '-c $(BuildConfiguration)' - - task: DotNetCoreCLI@2 - displayName: dotnet pack copy [Unsigned] - inputs: - command: pack - searchPatternPack: 'Src\StackifyLib\*.csproj;Src\StackifyLib.AspNetCore\*.csproj;Src\StackifyLib.CoreLogger\*.csproj;Src\StackifyLib.log4net\*.csproj;Src\Nlog.Targets.Stackify\*.csproj;Src\NLog.Web.Stackify\*.csproj;Src\StackifyLib.StackifyTraceListener\*.csproj ' - nobuild: true - - task: PublishPipelineArtifact@1 - displayName: Publish Pipeline Artifact [Unsigned] - inputs: - path: $(Build.ArtifactStagingDirectory) - artifactName: Unsigned NuGet Packages - - task: PowerShell@2 - displayName: PowerShell Script - inputs: - targetType: inline - script: | - $xml = [Xml] (Get-Content .\Src\StackifyLib\StackifyLib.csproj) - $version = $xml.Project.PropertyGroup.Version - 
echo $version - $version = "$version".Trim() - echo "##vso[task.setvariable variable=version]$version" - echo "StackifyLib."$version".nupkg" - workingDirectory: $(Build.SourcesDirectory) - - task: Veracode@3 - displayName: 'Upload and scan: $(Build.ArtifactStagingDirectory)/StackifyLib.$(version).nupkg' - condition: and(succeeded(), eq('${{ parameters.RUN_VERACODE_SCAN }}', 'true')) - enabled: True - inputs: - AnalysisService: 51003f89-58ab-463c-8e20-41484888d9c7 - veracodeAppProfile: Retrace .Net StackifyLib - version: AZ-Devops-Build-$(build.buildNumber) - filepath: $(Build.ArtifactStagingDirectory)/StackifyLib.$(version).nupkg +stages: + - stage: FirstStage + jobs: + - job: Build + steps: + - checkout: self + clean: true + lfs: true + - task: AzureKeyVault@2 + displayName: 'Azure Key Vault: keyvault-build-resources' + inputs: + ConnectedServiceName: 514ed7d6-3846-4422-8013-af27483dd22c + KeyVaultName: keyvault-build-resources + RunAsPreJob: true + - task: DownloadSecureFile@1 + name: SNK + displayName: Download Strong Name Key + inputs: + secureFile: 9d810a2d-d090-431c-9012-df939a4b1afe + - task: PowerShell@2 + displayName: Move Signing Key To Project Directory + inputs: + targetType: inline + filePath: Src/StackifyLib + script: | + # Write your PowerShell commands here. 
+ ls + Move-Item $(SNK.secureFilePath) Src/StackifyLib/Netreo.snk + - task: PowerShell@2 + displayName: Update csproj for .snk + inputs: + targetType: inline + script: > + (Get-Content -path Src\StackifyLib\StackifyLib.csproj -Raw) -replace 'StackifyLib','StackifyLib.signed' | Set-Content -Path Src\StackifyLib\StackifyLib.csproj -Encoding utf8 + + # note: the signing attribute here is commented out so we can build locally + - powershell: | + $filename = Get-ChildItem ".\src\*\AssemblyInfo.cs" -Recurse + $filename | %{ + (gc $_) -replace ([regex]::Escape("//[assembly: AssemblyKeyFile")), "[assembly: AssemblyKeyFile" | Set-Content $_.FullName -Encoding utf8 + } + displayName: Uncoment signing attribute + + - task: DotNetCoreCLI@2 + displayName: dotnet restore + inputs: + command: restore + restoreArguments: .\Src + - task: DotNetCoreCLI@2 + displayName: dotnet build + inputs: + projects: | + Src\StackifyLib\*.csproj + Src\StackifyLib.AspNetCore\*.csproj + Src\StackifyLib.CoreLogger\*.csproj + Src\StackifyLib.log4net\*.csproj + Src\Nlog.Targets.Stackify\*.csproj + Src\NLog.Web.Stackify\*.csproj + Src\StackifyLib.StackifyTraceListener\*.csproj + arguments: '-c $(BuildConfiguration)' + - task: DotNetCoreCLI@2 + displayName: dotnet pack signed stackify lib + inputs: + command: pack + searchPatternPack: Src\StackifyLib\*.csproj; + nobuild: true + - task: DotNetCoreCLI@2 + continueOnError: true + inputs: + command: 'custom' + custom: 'tool' + arguments: 'install --global NuGetKeyVaultSignTool' + displayName: Install NuGetKeyVaultSignTool + - task: CmdLine@2 + displayName: 'Sign nuget package' + inputs: + script: NuGetKeyVaultSignTool sign $(Build.ArtifactStagingDirectory)\StackifyLib.signed.*.nupkg -kvu "$(SigningVaultURL)" -kvi "$(SigningAppClientId)" -kvt "$(SigningAppTenantId)" -kvs "$(SigningClientSecret)" -kvc "$(SigningCertName)" -tr http://timestamp.digicert.com + workingDirectory: $(Build.SourcesDirectory) + - task: PowerShell@2 + displayName: Rename signed 
assemblies + enabled: False + inputs: + targetType: inline + script: "$files = @(Get-ChildItem -Path . -File -Filter *.nupkg)\n\nforeach($file in $files) {\n $BaseFilename = $file.BaseName\n $BaseFilenameSplit = $file.BaseName.Split(\".\")\n $LastVersionDigit = \"\"\n $NewFilenameBase = \"\"\n $PackageVersion = \"\"\n $IsBeta = \"False\"\n if ($BaseFilename.contains(\"beta\")) {\n $IsBeta = \"True\"\n $LastVersionDigit = $file.BaseName.Substring($BaseFilename.length - 6,1)\n }\n else {\n $LastVersionDigit = $file.BaseName.Substring($BaseFilename.length - 1)\n }\n foreach($namePart in $BaseFilenameSplit) {\n if (!$namePart.contains(\"beta\") -and $namePart -notmatch \"^\\d+$\") {\n $NewFilenameBase = $NewFilenameBase + $namePart + \".\"\n } else {\n # check for beta\n if ($namePart.contains(\"beta\")) {\n $PackageVersion = $PackageVersion + $namePart.Substring(0,1)\n } else {\n $PackageVersion = $PackageVersion + $namePart\n }\n # check length to append a .\n if ($namePart -notmatch $LastVersionDigit) {\n $PackageVersion = $PackageVersion + \".\"\n }\n }\n }\n \n # check beta\n $FinalFilenameBase = \"\"\n if ($IsBeta -match \"True\") {\n $FinalFilenameBase = $NewFilenameBase + \"snk.\" + $PackageVersion + \"-beta\"\n } else {\n $FinalFilenameBase = $NewFilenameBase + \"snk.\" + $PackageVersion\n }\n $FinalFilename = $FinalFilenameBase + $file.Extension\n Rename-Item -Path $file -NewName $FinalFilename\n}" + workingDirectory: $(Build.ArtifactStagingDirectory) + - task: PublishPipelineArtifact@1 + displayName: Publish Pipeline Artifact + inputs: + path: $(Build.ArtifactStagingDirectory) + artifactName: Signed NuGet Packages + - task: PowerShell@2 + displayName: Delete signed assemblies + enabled: true + inputs: + targetType: inline + script: > + Remove-Item *.signed*.nupkg + workingDirectory: $(Build.ArtifactStagingDirectory) + - task: PowerShell@2 + displayName: Remove Sign Code + enabled: false + inputs: + targetType: filePath + arguments: '' + filePath: 
Scripts/RemoveSignCode.ps1 + workingDirectory: $(Build.SourcesDirectory) + - task: PowerShell@2 + displayName: Remove Sign Code Inline + inputs: + targetType: 'inline' + script: | + function Remove-SignCode { + param ( + $ASMFile + ) + Set-Content -Path $ASMFile -Value (Get-Content -Path $ASMFile | Select-String -Pattern AssemblyKeyFileAttribute -NotMatch ) + } + + $files = @(Get-ChildItem -Path . -Directory -Filter Stackify*) + + foreach ($file in $files) { + $asmInfo = Get-ChildItem -Path $file/Properties/AssemblyInfo.cs + Remove-SignCode -ASMFile $asmInfo + } + - task: PowerShell@2 + displayName: Update csproj for no .snk + inputs: + targetType: inline + script: > + (Get-Content -path Src\StackifyLib\StackifyLib.csproj -Raw) -replace 'StackifyLib.signed','StackifyLib' | Set-Content -Path Src\StackifyLib\StackifyLib.csproj + - task: DotNetCoreCLI@2 + displayName: dotnet build [Unsigned] + inputs: + projects: | + Src\StackifyLib\*.csproj + Src\StackifyLib.AspNetCore\*.csproj + Src\StackifyLib.CoreLogger\*.csproj + Src\StackifyLib.log4net\*.csproj + Src\Nlog.Targets.Stackify\*.csproj + Src\NLog.Web.Stackify\*.csproj + Src\StackifyLib.StackifyTraceListener\*.csproj + arguments: '-c $(BuildConfiguration)' + - task: DotNetCoreCLI@2 + displayName: dotnet pack copy [Unsigned] + inputs: + command: pack + searchPatternPack: 'Src\StackifyLib\*.csproj;Src\StackifyLib.AspNetCore\*.csproj;Src\StackifyLib.CoreLogger\*.csproj;Src\StackifyLib.log4net\*.csproj;Src\Nlog.Targets.Stackify\*.csproj;Src\NLog.Web.Stackify\*.csproj;Src\StackifyLib.StackifyTraceListener\*.csproj ' + nobuild: true + - task: PublishPipelineArtifact@1 + displayName: Publish Pipeline Artifact [Unsigned] + inputs: + path: $(Build.ArtifactStagingDirectory) + artifactName: Unsigned NuGet Packages + - task: PowerShell@2 + displayName: PowerShell Script + inputs: + targetType: inline + script: | + $xml = [Xml] (Get-Content .\Src\StackifyLib\StackifyLib.csproj) + $version = $xml.Project.PropertyGroup.Version + 
echo $version + $version = "$version".Trim() + echo "##vso[task.setvariable variable=version]$version" + echo "StackifyLib."$version".nupkg" + workingDirectory: $(Build.SourcesDirectory) + - task: Veracode@3 + displayName: 'Upload and scan: $(Build.ArtifactStagingDirectory)/StackifyLib.$(version).nupkg' + condition: and(succeeded(), eq('${{ parameters.RUN_VERACODE_SCAN }}', 'true')) + enabled: True + inputs: + AnalysisService: 51003f89-58ab-463c-8e20-41484888d9c7 + veracodeAppProfile: Retrace .Net StackifyLib + version: AZ-Devops-Build-$(build.buildNumber) + filepath: $(Build.ArtifactStagingDirectory)/StackifyLib.$(version).nupkg + + - job: SCA + pool: + vmImage: 'windows-latest' + steps: + - task: PowerShell@2 + inputs: + targetType: 'inline' + script: $Env:SRCCLR_API_TOKEN="$(SRCCLR_API_TOKEN)"; Set-ExecutionPolicy AllSigned -Scope Process -Force; iex ((New-Object System.Net.WebClient).DownloadString('https://download.srcclr.com/ci.ps1')); srcclr scan --allow-dirty .; + condition: and(succeeded(), eq('${{ parameters.RUN_VERACODE_SCA }}', 'true')) + +#steps: +# - checkout: self +# clean: true +# lfs: true +# - task: AzureKeyVault@2 +# displayName: 'Azure Key Vault: keyvault-build-resources' +# inputs: +# ConnectedServiceName: 514ed7d6-3846-4422-8013-af27483dd22c +# KeyVaultName: keyvault-build-resources +# RunAsPreJob: true +# - task: PowerShell@2 +# inputs: +# targetType: 'inline' +# script: $Env:SRCCLR_API_TOKEN="$(SRCCLR_API_TOKEN)"; Set-ExecutionPolicy AllSigned -Scope Process -Force; iex ((New-Object System.Net.WebClient).DownloadString('https://download.srcclr.com/ci.ps1')); srcclr scan --allow-dirty .; +# condition: and(succeeded(), eq('${{ parameters.RUN_VERACODE_SCA }}', 'true')) +# - task: PowerShell@2 +# displayName: 'Veracode SCA Scan' +# condition: and(succeeded(), eq('${{ parameters.RUN_VERACODE_SCA }}', 'true')) +# inputs: +# targetType: inline +# script: > +# $Env:SRCCLR_API_TOKEN="$(SRCCLR_API_TOKEN)"; Set-ExecutionPolicy AllSigned -Scope Process 
-Force; iex ((New-Object System.Net.WebClient).DownloadString('https://download.srcclr.com/ci.ps1')); srcclr scan .\Src\StackifyLib; +# - task: DownloadSecureFile@1 +# name: SNK +# displayName: Download Strong Name Key +# inputs: +# secureFile: 9d810a2d-d090-431c-9012-df939a4b1afe +# - task: PowerShell@2 +# displayName: Move Signing Key To Project Directory +# inputs: +# targetType: inline +# filePath: Src/StackifyLib +# script: | +# # Write your PowerShell commands here. +# ls +# Move-Item $(SNK.secureFilePath) Src/StackifyLib/Netreo.snk +# - task: PowerShell@2 +# displayName: Update csproj for .snk +# inputs: +# targetType: inline +# script: > +# (Get-Content -path Src\StackifyLib\StackifyLib.csproj -Raw) -replace 'StackifyLib','StackifyLib.signed' | Set-Content -Path Src\StackifyLib\StackifyLib.csproj -Encoding utf8 +# +# # note: the signing attribute here is commented out so we can build locally +# - powershell: | +# $filename = Get-ChildItem ".\src\*\AssemblyInfo.cs" -Recurse +# $filename | %{ +# (gc $_) -replace ([regex]::Escape("//[assembly: AssemblyKeyFile")), "[assembly: AssemblyKeyFile" | Set-Content $_.FullName -Encoding utf8 +# } +# displayName: Uncoment signing attribute +# +# - task: DotNetCoreCLI@2 +# displayName: dotnet restore +# inputs: +# command: restore +# restoreArguments: .\Src +# - task: DotNetCoreCLI@2 +# displayName: dotnet build +# inputs: +# projects: | +# Src\StackifyLib\*.csproj +# Src\StackifyLib.AspNetCore\*.csproj +# Src\StackifyLib.CoreLogger\*.csproj +# Src\StackifyLib.log4net\*.csproj +# Src\Nlog.Targets.Stackify\*.csproj +# Src\NLog.Web.Stackify\*.csproj +# Src\StackifyLib.StackifyTraceListener\*.csproj +# arguments: '-c $(BuildConfiguration)' +# - task: DotNetCoreCLI@2 +# displayName: dotnet pack signed stackify lib +# inputs: +# command: pack +# searchPatternPack: Src\StackifyLib\*.csproj; +# nobuild: true +# - task: DotNetCoreCLI@2 +# continueOnError: true +# inputs: +# command: 'custom' +# custom: 'tool' +# arguments: 
'install --global NuGetKeyVaultSignTool' +# displayName: Install NuGetKeyVaultSignTool +# - task: CmdLine@2 +# displayName: 'Sign nuget package' +# inputs: +# script: NuGetKeyVaultSignTool sign $(Build.ArtifactStagingDirectory)\StackifyLib.signed.*.nupkg -kvu "$(SigningVaultURL)" -kvi "$(SigningAppClientId)" -kvt "$(SigningAppTenantId)" -kvs "$(SigningClientSecret)" -kvc "$(SigningCertName)" -tr http://timestamp.digicert.com +# workingDirectory: $(Build.SourcesDirectory) +# - task: PowerShell@2 +# displayName: Rename signed assemblies +# enabled: False +# inputs: +# targetType: inline +# script: "$files = @(Get-ChildItem -Path . -File -Filter *.nupkg)\n\nforeach($file in $files) {\n $BaseFilename = $file.BaseName\n $BaseFilenameSplit = $file.BaseName.Split(\".\")\n $LastVersionDigit = \"\"\n $NewFilenameBase = \"\"\n $PackageVersion = \"\"\n $IsBeta = \"False\"\n if ($BaseFilename.contains(\"beta\")) {\n $IsBeta = \"True\"\n $LastVersionDigit = $file.BaseName.Substring($BaseFilename.length - 6,1)\n }\n else {\n $LastVersionDigit = $file.BaseName.Substring($BaseFilename.length - 1)\n }\n foreach($namePart in $BaseFilenameSplit) {\n if (!$namePart.contains(\"beta\") -and $namePart -notmatch \"^\\d+$\") {\n $NewFilenameBase = $NewFilenameBase + $namePart + \".\"\n } else {\n # check for beta\n if ($namePart.contains(\"beta\")) {\n $PackageVersion = $PackageVersion + $namePart.Substring(0,1)\n } else {\n $PackageVersion = $PackageVersion + $namePart\n }\n # check length to append a .\n if ($namePart -notmatch $LastVersionDigit) {\n $PackageVersion = $PackageVersion + \".\"\n }\n }\n }\n \n # check beta\n $FinalFilenameBase = \"\"\n if ($IsBeta -match \"True\") {\n $FinalFilenameBase = $NewFilenameBase + \"snk.\" + $PackageVersion + \"-beta\"\n } else {\n $FinalFilenameBase = $NewFilenameBase + \"snk.\" + $PackageVersion\n }\n $FinalFilename = $FinalFilenameBase + $file.Extension\n Rename-Item -Path $file -NewName $FinalFilename\n}" +# workingDirectory: 
$(Build.ArtifactStagingDirectory) +# - task: PublishPipelineArtifact@1 +# displayName: Publish Pipeline Artifact +# inputs: +# path: $(Build.ArtifactStagingDirectory) +# artifactName: Signed NuGet Packages +# - task: PowerShell@2 +# displayName: Delete signed assemblies +# enabled: true +# inputs: +# targetType: inline +# script: > +# Remove-Item *.signed*.nupkg +# workingDirectory: $(Build.ArtifactStagingDirectory) +# - task: PowerShell@2 +# displayName: Remove Sign Code +# enabled: false +# inputs: +# targetType: filePath +# arguments: '' +# filePath: Scripts/RemoveSignCode.ps1 +# workingDirectory: $(Build.SourcesDirectory) +# - task: PowerShell@2 +# displayName: Remove Sign Code Inline +# inputs: +# targetType: 'inline' +# script: | +# function Remove-SignCode { +# param ( +# $ASMFile +# ) +# Set-Content -Path $ASMFile -Value (Get-Content -Path $ASMFile | Select-String -Pattern AssemblyKeyFileAttribute -NotMatch ) +# } +# +# $files = @(Get-ChildItem -Path . -Directory -Filter Stackify*) +# +# foreach ($file in $files) { +# $asmInfo = Get-ChildItem -Path $file/Properties/AssemblyInfo.cs +# Remove-SignCode -ASMFile $asmInfo +# } +# - task: PowerShell@2 +# displayName: Update csproj for no .snk +# inputs: +# targetType: inline +# script: > +# (Get-Content -path Src\StackifyLib\StackifyLib.csproj -Raw) -replace 'StackifyLib.signed','StackifyLib' | Set-Content -Path Src\StackifyLib\StackifyLib.csproj +# - task: DotNetCoreCLI@2 +# displayName: dotnet build [Unsigned] +# inputs: +# projects: | +# Src\StackifyLib\*.csproj +# Src\StackifyLib.AspNetCore\*.csproj +# Src\StackifyLib.CoreLogger\*.csproj +# Src\StackifyLib.log4net\*.csproj +# Src\Nlog.Targets.Stackify\*.csproj +# Src\NLog.Web.Stackify\*.csproj +# Src\StackifyLib.StackifyTraceListener\*.csproj +# arguments: '-c $(BuildConfiguration)' +# - task: DotNetCoreCLI@2 +# displayName: dotnet pack copy [Unsigned] +# inputs: +# command: pack +# searchPatternPack: 
'Src\StackifyLib\*.csproj;Src\StackifyLib.AspNetCore\*.csproj;Src\StackifyLib.CoreLogger\*.csproj;Src\StackifyLib.log4net\*.csproj;Src\Nlog.Targets.Stackify\*.csproj;Src\NLog.Web.Stackify\*.csproj;Src\StackifyLib.StackifyTraceListener\*.csproj ' +# nobuild: true +# - task: PublishPipelineArtifact@1 +# displayName: Publish Pipeline Artifact [Unsigned] +# inputs: +# path: $(Build.ArtifactStagingDirectory) +# artifactName: Unsigned NuGet Packages +# - task: PowerShell@2 +# displayName: PowerShell Script +# inputs: +# targetType: inline +# script: | +# $xml = [Xml] (Get-Content .\Src\StackifyLib\StackifyLib.csproj) +# $version = $xml.Project.PropertyGroup.Version +# echo $version +# $version = "$version".Trim() +# echo "##vso[task.setvariable variable=version]$version" +# echo "StackifyLib."$version".nupkg" +# workingDirectory: $(Build.SourcesDirectory) +# - task: Veracode@3 +# displayName: 'Upload and scan: $(Build.ArtifactStagingDirectory)/StackifyLib.$(version).nupkg' +# condition: and(succeeded(), eq('${{ parameters.RUN_VERACODE_SCAN }}', 'true')) +# enabled: True +# inputs: +# AnalysisService: 51003f89-58ab-463c-8e20-41484888d9c7 +# veracodeAppProfile: Retrace .Net StackifyLib +# version: AZ-Devops-Build-$(build.buildNumber) +# filepath: $(Build.ArtifactStagingDirectory)/StackifyLib.$(version).nupkg From 349f2eb97a370935b63773551119afcc43972e4b Mon Sep 17 00:00:00 2001 From: Todd Lair Date: Mon, 5 Feb 2024 14:06:20 -0600 Subject: [PATCH 3/3] Removed commented lines --- azure-pipelines.yml | 183 -------------------------------------------- 1 file changed, 183 deletions(-) diff --git a/azure-pipelines.yml b/azure-pipelines.yml index 86fbb4c..5a34d54 100644 --- a/azure-pipelines.yml +++ b/azure-pipelines.yml 
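Review bot: The new `SCA` job reads `$(SRCCLR_API_TOKEN)`, but the `AzureKeyVault@2` task now sits only in the `Build` job, and the variables that task fetches are scoped to the job it runs in. If the token comes from `keyvault-build-resources` rather than from the `code-signing` variable group (the hunk does not show which), the macro will not resolve in `SCA` and the scan likely cannot authenticate, so the job needs its own Key Vault step or the group must carry the token. The secret is also expanded into the inline script text; mapping it through the task environment keeps it out of the generated script file: `env:` followed by `SRCCLR_API_TOKEN: $(SRCCLR_API_TOKEN)`, with the `$Env:SRCCLR_API_TOKEN=...` assignment dropped. The step also lost its `displayName: 'Veracode SCA Scan'`, so it appears under the default task name in the run log.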
@@ -211,186 +211,3 @@ stages: targetType: 'inline' script: $Env:SRCCLR_API_TOKEN="$(SRCCLR_API_TOKEN)"; Set-ExecutionPolicy AllSigned -Scope Process -Force; iex ((New-Object System.Net.WebClient).DownloadString('https://download.srcclr.com/ci.ps1')); srcclr scan --allow-dirty .; condition: and(succeeded(), eq('${{ parameters.RUN_VERACODE_SCA }}', 'true')) - -#steps: -# - checkout: self -# clean: true -# lfs: true -# - task: AzureKeyVault@2 -# displayName: 'Azure Key Vault: keyvault-build-resources' -# inputs: -# ConnectedServiceName: 514ed7d6-3846-4422-8013-af27483dd22c -# KeyVaultName: keyvault-build-resources -# RunAsPreJob: true -# - task: PowerShell@2 -# inputs: -# targetType: 'inline' -# script: $Env:SRCCLR_API_TOKEN="$(SRCCLR_API_TOKEN)"; Set-ExecutionPolicy AllSigned -Scope Process -Force; iex ((New-Object System.Net.WebClient).DownloadString('https://download.srcclr.com/ci.ps1')); srcclr scan --allow-dirty .; -# condition: and(succeeded(), eq('${{ parameters.RUN_VERACODE_SCA }}', 'true')) -# - task: PowerShell@2 -# displayName: 'Veracode SCA Scan' -# condition: and(succeeded(), eq('${{ parameters.RUN_VERACODE_SCA }}', 'true')) -# inputs: -# targetType: inline -# script: > -# $Env:SRCCLR_API_TOKEN="$(SRCCLR_API_TOKEN)"; Set-ExecutionPolicy AllSigned -Scope Process -Force; iex ((New-Object System.Net.WebClient).DownloadString('https://download.srcclr.com/ci.ps1')); srcclr scan .\Src\StackifyLib; -# - task: DownloadSecureFile@1 -# name: SNK -# displayName: Download Strong Name Key -# inputs: -# secureFile: 9d810a2d-d090-431c-9012-df939a4b1afe -# - task: PowerShell@2 -# displayName: Move Signing Key To Project Directory -# inputs: -# targetType: inline -# filePath: Src/StackifyLib -# script: | -# # Write your PowerShell commands here. 
-# ls -# Move-Item $(SNK.secureFilePath) Src/StackifyLib/Netreo.snk -# - task: PowerShell@2 -# displayName: Update csproj for .snk -# inputs: -# targetType: inline -# script: > -# (Get-Content -path Src\StackifyLib\StackifyLib.csproj -Raw) -replace 'StackifyLib','StackifyLib.signed' | Set-Content -Path Src\StackifyLib\StackifyLib.csproj -Encoding utf8 -# -# # note: the signing attribute here is commented out so we can build locally -# - powershell: | -# $filename = Get-ChildItem ".\src\*\AssemblyInfo.cs" -Recurse -# $filename | %{ -# (gc $_) -replace ([regex]::Escape("//[assembly: AssemblyKeyFile")), "[assembly: AssemblyKeyFile" | Set-Content $_.FullName -Encoding utf8 -# } -# displayName: Uncoment signing attribute -# -# - task: DotNetCoreCLI@2 -# displayName: dotnet restore -# inputs: -# command: restore -# restoreArguments: .\Src -# - task: DotNetCoreCLI@2 -# displayName: dotnet build -# inputs: -# projects: | -# Src\StackifyLib\*.csproj -# Src\StackifyLib.AspNetCore\*.csproj -# Src\StackifyLib.CoreLogger\*.csproj -# Src\StackifyLib.log4net\*.csproj -# Src\Nlog.Targets.Stackify\*.csproj -# Src\NLog.Web.Stackify\*.csproj -# Src\StackifyLib.StackifyTraceListener\*.csproj -# arguments: '-c $(BuildConfiguration)' -# - task: DotNetCoreCLI@2 -# displayName: dotnet pack signed stackify lib -# inputs: -# command: pack -# searchPatternPack: Src\StackifyLib\*.csproj; -# nobuild: true -# - task: DotNetCoreCLI@2 -# continueOnError: true -# inputs: -# command: 'custom' -# custom: 'tool' -# arguments: 'install --global NuGetKeyVaultSignTool' -# displayName: Install NuGetKeyVaultSignTool -# - task: CmdLine@2 -# displayName: 'Sign nuget package' -# inputs: -# script: NuGetKeyVaultSignTool sign $(Build.ArtifactStagingDirectory)\StackifyLib.signed.*.nupkg -kvu "$(SigningVaultURL)" -kvi "$(SigningAppClientId)" -kvt "$(SigningAppTenantId)" -kvs "$(SigningClientSecret)" -kvc "$(SigningCertName)" -tr http://timestamp.digicert.com -# workingDirectory: $(Build.SourcesDirectory) -# - 
task: PowerShell@2 -# displayName: Rename signed assemblies -# enabled: False -# inputs: -# targetType: inline -# script: "$files = @(Get-ChildItem -Path . -File -Filter *.nupkg)\n\nforeach($file in $files) {\n $BaseFilename = $file.BaseName\n $BaseFilenameSplit = $file.BaseName.Split(\".\")\n $LastVersionDigit = \"\"\n $NewFilenameBase = \"\"\n $PackageVersion = \"\"\n $IsBeta = \"False\"\n if ($BaseFilename.contains(\"beta\")) {\n $IsBeta = \"True\"\n $LastVersionDigit = $file.BaseName.Substring($BaseFilename.length - 6,1)\n }\n else {\n $LastVersionDigit = $file.BaseName.Substring($BaseFilename.length - 1)\n }\n foreach($namePart in $BaseFilenameSplit) {\n if (!$namePart.contains(\"beta\") -and $namePart -notmatch \"^\\d+$\") {\n $NewFilenameBase = $NewFilenameBase + $namePart + \".\"\n } else {\n # check for beta\n if ($namePart.contains(\"beta\")) {\n $PackageVersion = $PackageVersion + $namePart.Substring(0,1)\n } else {\n $PackageVersion = $PackageVersion + $namePart\n }\n # check length to append a .\n if ($namePart -notmatch $LastVersionDigit) {\n $PackageVersion = $PackageVersion + \".\"\n }\n }\n }\n \n # check beta\n $FinalFilenameBase = \"\"\n if ($IsBeta -match \"True\") {\n $FinalFilenameBase = $NewFilenameBase + \"snk.\" + $PackageVersion + \"-beta\"\n } else {\n $FinalFilenameBase = $NewFilenameBase + \"snk.\" + $PackageVersion\n }\n $FinalFilename = $FinalFilenameBase + $file.Extension\n Rename-Item -Path $file -NewName $FinalFilename\n}" -# workingDirectory: $(Build.ArtifactStagingDirectory) -# - task: PublishPipelineArtifact@1 -# displayName: Publish Pipeline Artifact -# inputs: -# path: $(Build.ArtifactStagingDirectory) -# artifactName: Signed NuGet Packages -# - task: PowerShell@2 -# displayName: Delete signed assemblies -# enabled: true -# inputs: -# targetType: inline -# script: > -# Remove-Item *.signed*.nupkg -# workingDirectory: $(Build.ArtifactStagingDirectory) -# - task: PowerShell@2 -# displayName: Remove Sign Code -# enabled: false -# 
inputs: -# targetType: filePath -# arguments: '' -# filePath: Scripts/RemoveSignCode.ps1 -# workingDirectory: $(Build.SourcesDirectory) -# - task: PowerShell@2 -# displayName: Remove Sign Code Inline -# inputs: -# targetType: 'inline' -# script: | -# function Remove-SignCode { -# param ( -# $ASMFile -# ) -# Set-Content -Path $ASMFile -Value (Get-Content -Path $ASMFile | Select-String -Pattern AssemblyKeyFileAttribute -NotMatch ) -# } -# -# $files = @(Get-ChildItem -Path . -Directory -Filter Stackify*) -# -# foreach ($file in $files) { -# $asmInfo = Get-ChildItem -Path $file/Properties/AssemblyInfo.cs -# Remove-SignCode -ASMFile $asmInfo -# } -# - task: PowerShell@2 -# displayName: Update csproj for no .snk -# inputs: -# targetType: inline -# script: > -# (Get-Content -path Src\StackifyLib\StackifyLib.csproj -Raw) -replace 'StackifyLib.signed','StackifyLib' | Set-Content -Path Src\StackifyLib\StackifyLib.csproj -# - task: DotNetCoreCLI@2 -# displayName: dotnet build [Unsigned] -# inputs: -# projects: | -# Src\StackifyLib\*.csproj -# Src\StackifyLib.AspNetCore\*.csproj -# Src\StackifyLib.CoreLogger\*.csproj -# Src\StackifyLib.log4net\*.csproj -# Src\Nlog.Targets.Stackify\*.csproj -# Src\NLog.Web.Stackify\*.csproj -# Src\StackifyLib.StackifyTraceListener\*.csproj -# arguments: '-c $(BuildConfiguration)' -# - task: DotNetCoreCLI@2 -# displayName: dotnet pack copy [Unsigned] -# inputs: -# command: pack -# searchPatternPack: 'Src\StackifyLib\*.csproj;Src\StackifyLib.AspNetCore\*.csproj;Src\StackifyLib.CoreLogger\*.csproj;Src\StackifyLib.log4net\*.csproj;Src\Nlog.Targets.Stackify\*.csproj;Src\NLog.Web.Stackify\*.csproj;Src\StackifyLib.StackifyTraceListener\*.csproj ' -# nobuild: true -# - task: PublishPipelineArtifact@1 -# displayName: Publish Pipeline Artifact [Unsigned] -# inputs: -# path: $(Build.ArtifactStagingDirectory) -# artifactName: Unsigned NuGet Packages -# - task: PowerShell@2 -# displayName: PowerShell Script -# inputs: -# targetType: inline -# script: | -# 
$xml = [Xml] (Get-Content .\Src\StackifyLib\StackifyLib.csproj) -# $version = $xml.Project.PropertyGroup.Version -# echo $version -# $version = "$version".Trim() -# echo "##vso[task.setvariable variable=version]$version" -# echo "StackifyLib."$version".nupkg" -# workingDirectory: $(Build.SourcesDirectory) -# - task: Veracode@3 -# displayName: 'Upload and scan: $(Build.ArtifactStagingDirectory)/StackifyLib.$(version).nupkg' -# condition: and(succeeded(), eq('${{ parameters.RUN_VERACODE_SCAN }}', 'true')) -# enabled: True -# inputs: -# AnalysisService: 51003f89-58ab-463c-8e20-41484888d9c7 -# veracodeAppProfile: Retrace .Net StackifyLib -# version: AZ-Devops-Build-$(build.buildNumber) -# filepath: $(Build.ArtifactStagingDirectory)/StackifyLib.$(version).nupkg