eng/common/templates/job/execute-sdl.yml


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59

parameters:
  overrideParameters: ''                                       # Optional: to override values for parameters.
  additionalParameters: ''                                     # Optional: parameters that need user specific values eg: '-SourceToolsList @("abc","def") -ArtifactToolsList @("ghi","jkl")'
  # There is some sort of bug (has been reported) in Azure DevOps where if this parameter is named
  # 'continueOnError', the parameter value is not correctly picked up.
  # This can also be remedied by the caller (post-build.yml) if it does not use a nested parameter
  sdlContinueOnError: false                                    # optional: determines whether to continue the build if the step errors;
  dependsOn: ''                                                # Optional: dependencies of the job

jobs:
- job: Run_SDL
  dependsOn: ${{ parameters.dependsOn }}
  displayName: Run SDL tool
  variables:
    - group: DotNet-VSTS-Bot
  pool:
    name: Hosted VS2017
  steps:
  - checkout: self
    clean: true
  - task: DownloadBuildArtifacts@0
    displayName: Download Build Artifacts
    inputs:
      buildType: current
      downloadType: specific files
      matchingPattern: "**"
      downloadPath: $(Build.SourcesDirectory)\artifacts
  - powershell: eng/common/sdl/extract-artifact-packages.ps1
      -InputPath $(Build.SourcesDirectory)\artifacts\BlobArtifacts
      -ExtractPath $(Build.SourcesDirectory)\artifacts\BlobArtifacts
    displayName: Extract Blob Artifacts
    continueOnError: ${{ parameters.sdlContinueOnError }}
  - powershell: eng/common/sdl/extract-artifact-packages.ps1
      -InputPath $(Build.SourcesDirectory)\artifacts\PackageArtifacts
      -ExtractPath $(Build.SourcesDirectory)\artifacts\PackageArtifacts
    displayName: Extract Package Artifacts
    continueOnError: ${{ parameters.sdlContinueOnError }}
  - task: NuGetToolInstaller@1
    displayName: 'Install NuGet.exe'
  - task: NuGetCommand@2
    displayName: 'Install Guardian'
    inputs:
      restoreSolution: $(Build.SourcesDirectory)\eng\common\sdl\packages.config
      feedsToUse: config
      nugetConfigPath: $(Build.SourcesDirectory)\eng\common\sdl\NuGet.config
      externalFeedCredentials: GuardianConnect
      restoreDirectory: $(Build.SourcesDirectory)\.packages
  - ${{ if ne(parameters.overrideParameters, '') }}:
    - powershell: eng/common/sdl/execute-all-sdl-tools.ps1 ${{ parameters.overrideParameters }}
      displayName: Execute SDL
      continueOnError: ${{ parameters.sdlContinueOnError }}
  - ${{ if eq(parameters.overrideParameters, '') }}:
    - powershell: eng/common/sdl/execute-all-sdl-tools.ps1
        -GuardianPackageName Microsoft.Guardian.Cli.0.7.2
        -NugetPackageDirectory $(Build.SourcesDirectory)\.packages
        -AzureDevOpsAccessToken $(dn-bot-dotnet-build-rw-code-rw)
        ${{ parameters.additionalParameters }}
      displayName: Execute SDL
      continueOnError: ${{ parameters.sdlContinueOnError }}