diff --git a/azure-pipelines.yml b/azure-pipelines.yml index e07f17ef6..686c81a30 100644 --- a/azure-pipelines.yml +++ b/azure-pipelines.yml @@ -79,6 +79,77 @@ jobs: npm run lint displayName: 'Lint' +- job: APIScan + dependsOn: [] + pool: + vmImage: 'windows-latest' + strategy: + matrix: + node_18_x: + node_version: 18.x + steps: + - task: NodeTool@0 + inputs: + versionSpec: $(node_version) + displayName: 'Install Node.js' + - pwsh: | + $includes = @' + { + 'target_defaults': { + 'conditions': [ + ['OS=="win"', { + 'msvs_settings': { + 'VCCLCompilerTool': { + 'AdditionalOptions': [ + '/Zi', + '/FS' + ], + }, + 'VCLinkerTool': { + 'AdditionalOptions': [ + '/profile' + ] + } + } + }] + ] + } + } + '@ + + if (!(Test-Path "~/.gyp")) { + mkdir "~/.gyp" + echo $includes > "~/.gyp/include.gypi" + } + displayName: Create include.gypi + - script: | + npm i + displayName: 'Install dependencies and build' + + - task: APIScan@2 + inputs: + softwareFolder: $(Build.SourcesDirectory)\build\Release + softwareName: "node-pty" + softwareVersionNum: '1' + isLargeApp: false + toolVersion: 'Latest' + displayName: Run ApiScan + condition: succeeded() + env: + AzureServicesAuthConnectionString: $(apiscan-connectionstring) + + - task: PublishSecurityAnalysisLogs@3 + inputs: + ArtifactName: CodeAnalysisLogs + ArtifactType: Container + PublishProcessedResults: false + AllTools: true + + - task: TSAUpload@2 + inputs: + GdnPublishTsaOnboard: true + GdnPublishTsaConfigFile: '$(Build.SourcesDirectory)\tsaoptions.json' + - job: Release dependsOn: - Linux diff --git a/tsaoptions.json b/tsaoptions.json new file mode 100644 index 000000000..cbb0afd21 --- /dev/null +++ b/tsaoptions.json @@ -0,0 +1,10 @@ +{ + "codebaseName": "devdiv_microsoft_vscode_node_pty", + "instanceUrl": "https://devdiv.visualstudio.com/defaultcollection", + "projectName": "DevDiv", + "areaPath": "DevDiv\\VS Code (compliance tracking only)\\Visual Studio Code NPM Packages", + "notificationAliases": [ + "stbatt@microsoft.com", + "lszomoru@microsoft.com" + ] +}