Skip to content

Commit

Permalink
update release build (#2405)
Browse files Browse the repository at this point in the history
  • Loading branch information
@ciaozhang
ciaozhang authored Nov 16, 2023
1 parent c633486 commit 5c65369
Show file tree
Hide file tree
Showing 2 changed files with 30 additions and 20 deletions.
31 changes: 11 additions & 20 deletions build/releaseBuild.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -111,43 +111,39 @@ jobs:
**\bin\$(BuildConfiguration)\**\System.IdentityModel.Tokens.Jwt.pdb
TargetFolder: '$(Build.ArtifactStagingDirectory)\ProductBinaries'

- task: securedevelopmentteam.vss-secure-development-tools.build-task-policheck.PoliCheck@1
- task: securedevelopmentteam.vss-secure-development-tools.build-task-policheck.PoliCheck@2
displayName: 'Run PoliCheck'
inputs:
targetType: F
result: PoliCheck.xml
optionsFC: 0
optionsXS: 0
optionsHMENABLE: 0

- task: securedevelopmentteam.vss-secure-development-tools.build-task-credscan.CredScan@2
- task: securedevelopmentteam.vss-secure-development-tools.build-task-credscan.CredScan@3
displayName: 'Run CredScan'
inputs:
outputFormat: pre
suppressionsFile: 'build/credscan-exclusion.json'
debugMode: false

- task: securedevelopmentteam.vss-secure-development-tools.build-task-roslynanalyzers.RoslynAnalyzers@2
displayName: 'Run Roslyn Analyzers'
condition: eq(variables['TargetNet8'], 'False')

- task: securedevelopmentteam.vss-secure-development-tools.build-task-binskim.BinSkim@3
- task: securedevelopmentteam.vss-secure-development-tools.build-task-binskim.BinSkim@4
displayName: 'Run BinSkim'
inputs:
InputType: Basic
AnalyzeTarget: '$(Build.ArtifactStagingDirectory)\*.dll'
AnalyzeSymPath: '$(Build.ArtifactStagingDirectory)\ProductBinaries'
AnalyzeVerbose: true
AnalyzeHashes: true

- task: securedevelopmentteam.vss-secure-development-tools.build-task-publishsecurityanalysislogs.PublishSecurityAnalysisLogs@2
- task: securedevelopmentteam.vss-secure-development-tools.build-task-publishsecurityanalysislogs.PublishSecurityAnalysisLogs@3
displayName: 'Publish Security Analysis Logs'
continueOnError: true

- task: securedevelopmentteam.vss-secure-development-tools.build-task-postanalysis.PostAnalysis@1
- task: securedevelopmentteam.vss-secure-development-tools.build-task-postanalysis.PostAnalysis@2
displayName: 'Post SDL Analysis'
inputs:
BinSkim: true
CredScan: true
PoliCheck: true
continueOnError: true


Expand Down Expand Up @@ -201,17 +197,12 @@ jobs:
SymbolServerType: TeamServices
TreatNotIndexedAsWarning: true

- task: securedevelopmentteam.vss-secure-development-tools.build-task-uploadtotsa.TSAUpload@1
- task: securedevelopmentteam.vss-secure-development-tools.build-task-uploadtotsa.TSAUpload@2
displayName: 'TSA upload to Codebase: WILSON Stamp: Azure'
inputs:
tsaVersion: TsaV2
codeBaseName: WILSON
uploadAPIScan: false
uploadFortifySCA: false
uploadFxCop: false
uploadModernCop: false
uploadPREfast: false
uploadTSLint: false
GdnPublishTsaOnboard: false
GdnPublishTsaConfigFile: '$(Build.SourcesDirectory)/build/tsaConfig.json'
continueOnError: true

- task: AzureArtifacts.manifest-generator-task.manifest-generator-task.ManifestGeneratorTask@0
displayName: 'Manifest Generator '
Expand Down
19 changes: 19 additions & 0 deletions build/tsaConfig.json
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,19 @@
{
"codebaseName": "Unified .NET Core",
"notificationAliases": [
"[email protected]"
],
"codebaseAdmins": [
"EUROPE\\aadidagt"
],
"instanceUrl": "https://identitydivision.visualstudio.com",
"projectName": "IDDP",
"areaPath": "IDDP\\DevEx-Client-SDK\\DotNet",
"iterationPath": "IDDP\\Unscheduled",
"tools": [
"binskim",
"credscan",
"policheck",
"rosalynnanalyzers"
]
}

0 comments on commit 5c65369

Please sign in to comment.