diff --git a/.github/prquantifier.yaml b/.github/prquantifier.yaml index 240f660f88d..ea891ba4988 100644 --- a/.github/prquantifier.yaml +++ b/.github/prquantifier.yaml @@ -7,5 +7,5 @@ Excluded: - '*.md' - '*.sln' # autogenerated files -- cgmanifest.json +- tools/cgmanifest.json - assets/wix/files.wxs diff --git a/.vsts-ci/linux.yml b/.vsts-ci/linux.yml index 38aea5a9450..9faa155f74d 100644 --- a/.vsts-ci/linux.yml +++ b/.vsts-ci/linux.yml @@ -30,7 +30,7 @@ pr: - .vsts-ci/misc-analysis.yml - .vsts-ci/windows.yml - .vsts-ci/windows/* - - cgmanifest.json + - tools/cgmanifest.json - LICENSE.txt - test/common/markdown/* - test/perf/* diff --git a/.vsts-ci/mac.yml b/.vsts-ci/mac.yml index 89ada776403..c4623c9fef0 100644 --- a/.vsts-ci/mac.yml +++ b/.vsts-ci/mac.yml @@ -31,7 +31,7 @@ pr: - .vsts-ci/misc-analysis.yml - .vsts-ci/windows.yml - .vsts-ci/windows/* - - cgmanifest.json + - tools/cgmanifest.json - LICENSE.txt - test/common/markdown/* - test/perf/* diff --git a/.vsts-ci/misc-analysis/mdSpell.yml b/.vsts-ci/misc-analysis/mdSpell.yml index e07b4756968..e9d046e5e96 100644 --- a/.vsts-ci/misc-analysis/mdSpell.yml +++ b/.vsts-ci/misc-analysis/mdSpell.yml @@ -53,4 +53,4 @@ jobs: - template: dailyBuildCompliance.yml@ComplianceRepo parameters: - sourceScanPath: '$(repoPath)' + sourceScanPath: '$(repoPath)/test/common' diff --git a/.vsts-ci/windows.yml b/.vsts-ci/windows.yml index f17a063998e..f886d2bd337 100644 --- a/.vsts-ci/windows.yml +++ b/.vsts-ci/windows.yml @@ -28,7 +28,7 @@ pr: - .dependabot/config.yml - .github/ISSUE_TEMPLATE/* - .vsts-ci/misc-analysis.yml - - cgmanifest.json + - tools/cgmanifest.json - LICENSE.txt - test/common/markdown/* - test/perf/* diff --git a/.vsts-ci/windows/templates/windows-packaging.yml b/.vsts-ci/windows/templates/windows-packaging.yml index 353d722bb92..88a557ca032 100644 --- a/.vsts-ci/windows/templates/windows-packaging.yml +++ b/.vsts-ci/windows/templates/windows-packaging.yml 
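Review bot: In `.vsts-ci/misc-analysis/mdSpell.yml`, the new `sourceScanPath: '$(repoPath)/test/common'` has no comment explaining why the daily compliance template is pointed at one directory instead of the repository root. What `dailyBuildCompliance.yml@ComplianceRepo` does with the path is not visible here. If it drives dependency or source scanning, everything outside `test/common`, including the relocated `tools/cgmanifest.json`, drops out of this job's coverage. A one-line comment above the parameter would make the intent reviewable, e.g. `# scan test/common only: <reason, and which pipeline scans the rest of the repo>`.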
@@ -69,6 +69,7 @@ jobs: BuildDropPath: '$(System.ArtifactsDirectory)/mainBuild' Build_Repository_Uri: $(build.repository.uri) displayName: SBOM + sourceScanPath: '$(repoPath)\tools' - pwsh: | Import-Module .\tools\ci.psm1 diff --git a/cgmanifest.json b/tools/cgmanifest.json similarity index 100% rename from cgmanifest.json rename to tools/cgmanifest.json diff --git a/tools/findMissingNotices.ps1 b/tools/findMissingNotices.ps1 index f66f88f1295..275116da79b 100644 --- a/tools/findMissingNotices.ps1 +++ b/tools/findMissingNotices.ps1 @@ -14,7 +14,8 @@ Import-Module "$PSScriptRoot\..\.github\workflows\GHWorkflowHelper" -Force . "$PSScriptRoot\..\tools\buildCommon\startNativeExecution.ps1" $existingRegistrationTable = @{} -$existingRegistrationsJson = Get-Content $PSScriptRoot\..\cgmanifest.json | ConvertFrom-Json -AsHashtable +$cgManifestPath = (Resolve-Path -Path $PSScriptRoot\..\tools\cgmanifest.json).ProviderPath +$existingRegistrationsJson = Get-Content $cgManifestPath | ConvertFrom-Json -AsHashtable $existingRegistrationsJson.Registrations | ForEach-Object { $registration = [Registration]$_ if ($registration.Component) { @@ -269,7 +270,6 @@ $newRegistrations = $registrations.Keys | Sort-Object | ForEach-Object { $regist $count = $newRegistrations.Count $newJson = @{Registrations = $newRegistrations } | ConvertTo-Json -depth 99 if ($Fix -and $registrationChanged) { - $cgManifestPath = (Resolve-Path -Path $PSScriptRoot\..\cgmanifest.json).ProviderPath $newJson | Set-Content $cgManifestPath Set-GWVariable -Name CGMANIFEST_PATH -Value $cgManifestPath } diff --git a/tools/releaseBuild/azureDevOps/templates/SetVersionVariables.yml b/tools/releaseBuild/azureDevOps/templates/SetVersionVariables.yml index 4376c4a1e58..dd9252a406f 100644 --- a/tools/releaseBuild/azureDevOps/templates/SetVersionVariables.yml +++ b/tools/releaseBuild/azureDevOps/templates/SetVersionVariables.yml 
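Review bot: In `tools/findMissingNotices.ps1`, `$cgManifestPath` is now resolved at the top of the script, but a missing manifest only raises a non-terminating `Resolve-Path` error unless `$ErrorActionPreference` is set to stop somewhere outside the hunk. The variable can then be empty when `Get-Content` reads it and when `Set-Content $cgManifestPath` writes it under `-Fix` in the second hunk. Adding `-ErrorAction Stop` halts the script at the first point the path is known to be wrong. The path also climbs out of `tools` and back in, although the diff header places this script in `tools/` itself, so this is equivalent: `$cgManifestPath = (Resolve-Path -Path $PSScriptRoot\cgmanifest.json -ErrorAction Stop).ProviderPath`. The script body continues outside both hunks.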
@@ -16,21 +16,31 @@ steps: - powershell: | $path = "./build.psm1" + if($env:REPOROOT){ + Write-Verbose "reporoot already set to ${env:REPOROOT}" -Verbose + exit 0 + } + if(Test-Path -Path $path) { - $vstsCommandString = "vso[task.setvariable variable=repoRoot]." - Write-Host ("sending " + $vstsCommandString) - Write-Host "##$vstsCommandString" + Write-Verbose "reporoot detect at: ." -Verbose + $repoRoot = '.' } else{ $path = "./PowerShell/build.psm1" if(Test-Path -Path $path) { - $vstsCommandString = "vso[task.setvariable variable=repoRoot]./PowerShell" - Write-Host ("sending " + $vstsCommandString) - Write-Host "##$vstsCommandString" + Write-Verbose "reporoot detect at: ./PowerShell" -Verbose + $repoRoot = './PowerShell' } } + if($repoRoot) { + $vstsCommandString = "vso[task.setvariable variable=repoRoot]$repoRoot" + Write-Host ("sending " + $vstsCommandString) + Write-Host "##$vstsCommandString" + } else { + Write-Verbose -Verbose "repo not found" + } displayName: 'Set repo Root' - powershell: | diff --git a/tools/releaseBuild/azureDevOps/templates/compliance.yml b/tools/releaseBuild/azureDevOps/templates/compliance.yml index 8b3ec94d0d1..2572882e880 100644 --- a/tools/releaseBuild/azureDevOps/templates/compliance.yml +++ b/tools/releaseBuild/azureDevOps/templates/compliance.yml @@ -138,5 +138,5 @@ jobs: - task: ms.vss-governance-buildtask.governance-build-task-component-detection.ComponentGovernanceComponentDetection@0 displayName: 'Component Detection' inputs: - sourceScanPath: '$(Build.SourcesDirectory)' + sourceScanPath: '$(Build.SourcesDirectory)\tools' snapshotForceEnabled: true diff --git a/tools/releaseBuild/azureDevOps/templates/compliance/compliance.yml b/tools/releaseBuild/azureDevOps/templates/compliance/compliance.yml index 4d1007957c8..50a133257dd 100644 --- a/tools/releaseBuild/azureDevOps/templates/compliance/compliance.yml +++ b/tools/releaseBuild/azureDevOps/templates/compliance/compliance.yml 
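Review bot: The new `else` branch in the 'Set repo Root' step only logs `repo not found` and lets the step succeed, so `repoRoot` stays unset when neither `./build.psm1` nor `./PowerShell/build.psm1` exists. nuget.yml in this commit uses `'$(repoRoot)\tools'` as `sourceScanPath` without defining the variable in its hunk, so it presumably relies on this step. An undefined macro is left as literal text, which would point Component Detection at a path that does not exist instead of failing visibly. Failing here is clearer: `throw "repo root not found: expected ./build.psm1 or ./PowerShell/build.psm1"`. The early `exit 0` on `$env:REPOROOT` also accepts a preset value without checking it; a `Test-Path` for `build.psm1` under that value before exiting would catch a wrong preset.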
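Review bot: Narrowing `sourceScanPath` to `'$(Build.SourcesDirectory)\tools'` means the Component Detection task in this job sees only what lies under `tools`. The registrations in `tools/cgmanifest.json` become its main input, and dependencies declared by project files elsewhere in the repository are presumably no longer picked up here. The same narrowing is applied in compliance/compliance.yml, generateNotice.yml (which also drops `ignoreDirectories`), json.yml, mac.yml, mac-package-build.yml, nuget.yml, windows-hosted-build.yml, windows-packaging.yml and the three signing templates. The accuracy of the component inventory then depends on the manifest staying current, which is worth stating next to the input, e.g. `# scan tools/ only: components come from tools/cgmanifest.json (see tools/findMissingNotices.ps1)`. If one pipeline is still meant to auto-detect from the source tree, name it in that comment so the reduced scope is not silent.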
@@ -86,5 +86,5 @@ jobs: - task: ms.vss-governance-buildtask.governance-build-task-component-detection.ComponentGovernanceComponentDetection@0 displayName: 'Component Detection' inputs: - sourceScanPath: '$(Build.SourcesDirectory)' + sourceScanPath: '$(Build.SourcesDirectory)\tools' snapshotForceEnabled: true diff --git a/tools/releaseBuild/azureDevOps/templates/compliance/generateNotice.yml b/tools/releaseBuild/azureDevOps/templates/compliance/generateNotice.yml index 3002c18bdb4..00ffccb1d23 100644 --- a/tools/releaseBuild/azureDevOps/templates/compliance/generateNotice.yml +++ b/tools/releaseBuild/azureDevOps/templates/compliance/generateNotice.yml @@ -43,8 +43,7 @@ jobs: - task: ms.vss-governance-buildtask.governance-build-task-component-detection.ComponentGovernanceComponentDetection@0 displayName: 'Component Detection' inputs: - sourceScanPath: '$(Build.SourcesDirectory)' - ignoreDirectories: '$(Build.SourcesDirectory)\test,$(Build.SourcesDirectory)\docs' + sourceScanPath: '$(Build.SourcesDirectory)\tools' - task: msospo.ospo-extension.8d7f9abb-6896-461d-9e25-4f74ed65ddb2.notice@0 displayName: 'NOTICE File Generator' @@ -82,9 +81,3 @@ jobs: targetPath: $(System.ArtifactsDirectory) artifactName: notice displayName: Publish notice artifacts - - - task: ms.vss-governance-buildtask.governance-build-task-component-detection.ComponentGovernanceComponentDetection@0 - displayName: 'Component Detection' - inputs: - sourceScanPath: '$(Build.SourcesDirectory)' - snapshotForceEnabled: true diff --git a/tools/releaseBuild/azureDevOps/templates/json.yml b/tools/releaseBuild/azureDevOps/templates/json.yml index 570a658756a..34d329ee7f7 100644 --- a/tools/releaseBuild/azureDevOps/templates/json.yml +++ b/tools/releaseBuild/azureDevOps/templates/json.yml 
@@ -51,5 +51,5 @@ jobs: - task: ms.vss-governance-buildtask.governance-build-task-component-detection.ComponentGovernanceComponentDetection@0 displayName: 'Component Detection' inputs: - sourceScanPath: '$(Build.SourcesDirectory)' + sourceScanPath: '$(Build.SourcesDirectory)\tools' snapshotForceEnabled: true diff --git a/tools/releaseBuild/azureDevOps/templates/linux.yml b/tools/releaseBuild/azureDevOps/templates/linux.yml index 353f6e2431c..7cbe62a5880 100644 --- a/tools/releaseBuild/azureDevOps/templates/linux.yml +++ b/tools/releaseBuild/azureDevOps/templates/linux.yml @@ -76,6 +76,9 @@ jobs: BuildDropPath: '$(System.ArtifactsDirectory)/pwshLinuxBuild' Build_Repository_Uri: $(Github_Build_Repository_Uri) displayName: ${{ parameters.buildName }} SBOM + PackageName: PowerShell Linux + PackageVersion: $(Version) + sourceScanPath: '$(PowerShellRoot)/tools' - ${{ if eq(variables.build,'deb') }} : - template: Sbom.yml@ComplianceRepo @@ -83,6 +86,9 @@ jobs: BuildDropPath: '$(System.ArtifactsDirectory)/pwshLinuxBuildMinSize' Build_Repository_Uri: $(Github_Build_Repository_Uri) displayName: MinSize SBOM + PackageName: PowerShell Linux Minimum Size + PackageVersion: $(Version) + sourceScanPath: '$(PowerShellRoot)/tools' - ${{ if eq(variables.build,'deb') }} : - template: Sbom.yml@ComplianceRepo @@ -90,6 +96,9 @@ jobs: BuildDropPath: '$(System.ArtifactsDirectory)/pwshLinuxBuildArm32' Build_Repository_Uri: $(Github_Build_Repository_Uri) displayName: Arm32 SBOM + PackageName: PowerShell Linux Arm32 + PackageVersion: $(Version) + sourceScanPath: '$(PowerShellRoot)/tools' - ${{ if eq(variables.build,'deb') }} : - template: Sbom.yml@ComplianceRepo 
@@ -97,6 +106,9 @@ jobs: BuildDropPath: '$(System.ArtifactsDirectory)/pwshLinuxBuildArm64' Build_Repository_Uri: $(Github_Build_Repository_Uri) displayName: Arm64 SBOM + PackageName: PowerShell Linux Arm64 + PackageVersion: $(Version) + sourceScanPath: '$(PowerShellRoot)/tools' - powershell: | Import-Module "$env:POWERSHELLROOT/build.psm1" @@ -148,6 +160,8 @@ jobs: value: false - name: NugetSecurityAnalysisWarningLevel value: none + - name: skipComponentGovernanceDetection + value: true steps: - checkout: self @@ -297,9 +311,3 @@ jobs: parameters: artifactPath: '$(Build.StagingDirectory)\signedPackages\release' condition: and(and(succeeded(), eq(variables['SHOULD_SIGN'], 'true')),eq(variables['buildName'], 'RPM')) - - - task: ms.vss-governance-buildtask.governance-build-task-component-detection.ComponentGovernanceComponentDetection@0 - displayName: 'Component Detection' - inputs: - sourceScanPath: '$(Build.SourcesDirectory)' - snapshotForceEnabled: true diff --git a/tools/releaseBuild/azureDevOps/templates/mac-file-signing.yml b/tools/releaseBuild/azureDevOps/templates/mac-file-signing.yml index 1f43d39ab61..c6b1b1b8b9c 100644 --- a/tools/releaseBuild/azureDevOps/templates/mac-file-signing.yml +++ b/tools/releaseBuild/azureDevOps/templates/mac-file-signing.yml @@ -10,19 +10,28 @@ jobs: name: PowerShell1ES demands: - ImageOverride -equals MMS2019 + variables: - group: ESRP - name: runCodesignValidationInjection value: false - name: NugetSecurityAnalysisWarningLevel value: none + - name: repoFolder + value: PowerShell + - name: repoRoot + value: $(Agent.BuildDirectory)\$(repoFolder) + - name: complianceRepoFolder + value: compliance steps: - checkout: self clean: true + path: $(repoFolder) - checkout: ComplianceRepo clean: true + path: $(complianceRepoFolder) - template: SetVersionVariables.yml parameters: 
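Review bot: The job in releaseBuild/azureDevOps/templates/linux.yml that gains `skipComponentGovernanceDetection: true` (hunk at new line 160) also loses its explicit Component Detection task in the last hunk of this file. That job ends up with no component detection at all, and nothing in the YAML says why. If the intent is that the build job's SBOM steps, which now receive `sourceScanPath: '$(PowerShellRoot)/tools'`, are the single place components are recorded, say so beside the variable: `# detection skipped in this job: <reason>; components are recorded by <job name>`. The variables list and the job it belongs to start outside the hunk.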
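Review bot: The new `repoRoot` variable in mac-file-signing.yml changes what the included `SetVersionVariables.yml` does, and nothing here records that. Its 'Set repo Root' step now exits early when `REPOROOT` is already set, so auto-detection is bypassed for this job. A short comment on the variable would record the coupling, e.g. `# preset so SetVersionVariables.yml skips repo-root detection; must match the checkout path below`. The same variable and checkout block is repeated in mac-package-signing.yml and windows-package-signing.yml, where the comment applies equally. The later `sourceScanPath` depends on `repoRoot` and the `path:` of `checkout: self` staying in sync.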
@@ -107,5 +116,5 @@ jobs: - task: ms.vss-governance-buildtask.governance-build-task-component-detection.ComponentGovernanceComponentDetection@0 displayName: 'Component Detection' inputs: - sourceScanPath: '$(Build.SourcesDirectory)' + sourceScanPath: '$(repoRoot)\tools' snapshotForceEnabled: true diff --git a/tools/releaseBuild/azureDevOps/templates/mac-package-build.yml b/tools/releaseBuild/azureDevOps/templates/mac-package-build.yml index ae828c66709..ef16761f707 100644 --- a/tools/releaseBuild/azureDevOps/templates/mac-package-build.yml +++ b/tools/releaseBuild/azureDevOps/templates/mac-package-build.yml @@ -85,6 +85,9 @@ jobs: parameters: BuildDropPath: '$(System.ArtifactsDirectory)/$(SymbolsFolder)' Build_Repository_Uri: $(Github_Build_Repository_Uri) + PackageName: PowerShell macOS ${{ parameters.buildArchitecture }} + PackageVersion: $(Version) + sourceScanPath: '$(PowerShellRoot)/tools' - pwsh: | Import-Module $(PowerShellRoot)/build.psm1 -Force @@ -118,5 +121,5 @@ jobs: - task: ms.vss-governance-buildtask.governance-build-task-component-detection.ComponentGovernanceComponentDetection@0 displayName: 'Component Detection' inputs: - sourceScanPath: '$(Build.SourcesDirectory)' + sourceScanPath: '$(PowerShellRoot)/tools' snapshotForceEnabled: true diff --git a/tools/releaseBuild/azureDevOps/templates/mac-package-signing.yml b/tools/releaseBuild/azureDevOps/templates/mac-package-signing.yml index cba0ed6f9c3..5408cf5922a 100644 --- a/tools/releaseBuild/azureDevOps/templates/mac-package-signing.yml +++ b/tools/releaseBuild/azureDevOps/templates/mac-package-signing.yml 
@@ -16,12 +16,21 @@ jobs: value: false - name: NugetSecurityAnalysisWarningLevel value: none + - name: repoFolder + value: PowerShell + - name: repoRoot + value: $(Agent.BuildDirectory)\$(repoFolder) + - name: complianceRepoFolder + value: compliance + steps: - checkout: self clean: true + path: $(repoFolder) - checkout: ComplianceRepo clean: true + path: $(complianceRepoFolder) - template: shouldSign.yml @@ -119,5 +128,5 @@ jobs: - task: ms.vss-governance-buildtask.governance-build-task-component-detection.ComponentGovernanceComponentDetection@0 displayName: 'Component Detection' inputs: - sourceScanPath: '$(Build.SourcesDirectory)' + sourceScanPath: '$(repoRoot)/tools' snapshotForceEnabled: true diff --git a/tools/releaseBuild/azureDevOps/templates/mac.yml b/tools/releaseBuild/azureDevOps/templates/mac.yml index 3e3b3fc2340..9634c3bdb57 100644 --- a/tools/releaseBuild/azureDevOps/templates/mac.yml +++ b/tools/releaseBuild/azureDevOps/templates/mac.yml @@ -57,5 +57,5 @@ jobs: - task: ms.vss-governance-buildtask.governance-build-task-component-detection.ComponentGovernanceComponentDetection@0 displayName: 'Component Detection' inputs: - sourceScanPath: '$(Build.SourcesDirectory)' + sourceScanPath: '$(Build.SourcesDirectory)/tools' snapshotForceEnabled: true diff --git a/tools/releaseBuild/azureDevOps/templates/nuget.yml b/tools/releaseBuild/azureDevOps/templates/nuget.yml index 467968b5a3a..59d790bc4dd 100644 --- a/tools/releaseBuild/azureDevOps/templates/nuget.yml +++ b/tools/releaseBuild/azureDevOps/templates/nuget.yml @@ -253,4 +253,4 @@ jobs: - task: ms.vss-governance-buildtask.governance-build-task-component-detection.ComponentGovernanceComponentDetection@0 displayName: 'Component Detection' inputs: - sourceScanPath: '$(PackagePath)' + sourceScanPath: '$(repoRoot)\tools' diff --git a/tools/releaseBuild/azureDevOps/templates/windows-hosted-build.yml b/tools/releaseBuild/azureDevOps/templates/windows-hosted-build.yml index de08cb25824..00b8a4c8cf4 100644 
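Review bot: In mac-package-signing.yml the scan path is written `'$(repoRoot)/tools'`, although `repoRoot` is defined in the first hunk of the same file with a backslash (`$(Agent.BuildDirectory)\$(repoFolder)`), which yields a mixed-separator path. mac-file-signing.yml and windows-package-signing.yml use `'$(repoRoot)\tools'` for the identical setup, so matching them keeps the three templates consistent: `sourceScanPath: '$(repoRoot)\tools'`. The agent pool for this job is not visible in the hunk, so confirm that the backslash form suits it.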
--- a/tools/releaseBuild/azureDevOps/templates/windows-hosted-build.yml +++ b/tools/releaseBuild/azureDevOps/templates/windows-hosted-build.yml @@ -76,5 +76,5 @@ jobs: - task: ms.vss-governance-buildtask.governance-build-task-component-detection.ComponentGovernanceComponentDetection@0 displayName: 'Component Detection' inputs: - sourceScanPath: '$(PowerShellRoot)' + sourceScanPath: '$(PowerShellRoot)\tools' snapshotForceEnabled: true diff --git a/tools/releaseBuild/azureDevOps/templates/windows-package-signing.yml b/tools/releaseBuild/azureDevOps/templates/windows-package-signing.yml index dd547da6a60..f78130c1f22 100644 --- a/tools/releaseBuild/azureDevOps/templates/windows-package-signing.yml +++ b/tools/releaseBuild/azureDevOps/templates/windows-package-signing.yml @@ -15,13 +15,21 @@ jobs: - name: DOTNET_SKIP_FIRST_TIME_EXPERIENCE value: 1 - group: ESRP + - name: repoFolder + value: PowerShell + - name: repoRoot + value: $(Agent.BuildDirectory)\$(repoFolder) + - name: complianceRepoFolder + value: compliance steps: - checkout: self clean: true + path: $(repoFolder) - checkout: ComplianceRepo clean: true + path: $(complianceRepoFolder) - template: SetVersionVariables.yml parameters: @@ -124,5 +132,5 @@ jobs: - task: ms.vss-governance-buildtask.governance-build-task-component-detection.ComponentGovernanceComponentDetection@0 displayName: 'Component Detection' inputs: - sourceScanPath: '$(Build.SourcesDirectory)' + sourceScanPath: '$(repoRoot)\tools' snapshotForceEnabled: true diff --git a/tools/releaseBuild/azureDevOps/templates/windows-packaging.yml b/tools/releaseBuild/azureDevOps/templates/windows-packaging.yml index f2b0e091f0c..7de4859b63d 100644 --- a/tools/releaseBuild/azureDevOps/templates/windows-packaging.yml +++ b/tools/releaseBuild/azureDevOps/templates/windows-packaging.yml 
@@ -227,6 +227,9 @@ jobs: parameters: BuildDropPath: '$(System.ArtifactsDirectory)\$(SymbolsFolder)' Build_Repository_Uri: $(Github_Build_Repository_Uri) + PackageName: PowerShell Windows ${{ parameters.Architecture }} ${{ parameters.BuildConfiguration }} + PackageVersion: $(Version) + sourceScanPath: '$(PowerShellRoot)\tools' - powershell: | Import-Module $(PowerShellRoot)/build.psm1 -Force @@ -357,7 +360,7 @@ jobs: - task: ms.vss-governance-buildtask.governance-build-task-component-detection.ComponentGovernanceComponentDetection@0 displayName: 'Component Detection' inputs: - sourceScanPath: '$(Build.SourcesDirectory)' + sourceScanPath: '$(PowerShellRoot)\tools' snapshotForceEnabled: true - powershell: |