@@ -8,29 +8,28 @@ parameters:
8
8
condition : ' '
9
9
10
10
steps :
11
- - ${{ if ne(parameters.overrideGuardianVersion, '') }} :
12
- - powershell : |
13
- $content = Get-Content $(GuardianPackagesConfigFile)
14
-
15
- Write-Host "packages.config content was:`n$content"
16
-
17
- $content = $content.Replace('$(DefaultGuardianVersion)', '$(GuardianVersion)')
18
- $content | Set-Content $(GuardianPackagesConfigFile)
19
-
20
- Write-Host "packages.config content updated to:`n$content"
21
- displayName: Use overridden Guardian version ${{ parameters.overrideGuardianVersion }}
11
+ - task : NuGetAuthenticate@1
12
+ inputs :
13
+ nuGetServiceConnections : GuardianConnect
22
14
23
15
- task : NuGetToolInstaller@1
24
16
displayName : ' Install NuGet.exe'
25
17
26
- - task : NuGetCommand@2
27
- displayName : ' Install Guardian'
28
- inputs :
29
- restoreSolution : $(Build.SourcesDirectory)\eng\common\sdl\packages.config
30
- feedsToUse : config
31
- nugetConfigPath : $(Build.SourcesDirectory)\eng\common\sdl\NuGet.config
32
- externalFeedCredentials : GuardianConnect
33
- restoreDirectory : $(Build.SourcesDirectory)\.packages
18
+ - ${{ if ne(parameters.overrideGuardianVersion, '') }} :
19
+ - pwsh : |
20
+ Set-Location -Path $(Build.SourcesDirectory)\eng\common\sdl
21
+ . .\sdl.ps1
22
+ $guardianCliLocation = Install-Gdn -Path $(Build.SourcesDirectory)\.artifacts -Version ${{ parameters.overrideGuardianVersion }}
23
+ Write-Host "##vso[task.setvariable variable=GuardianCliLocation]$guardianCliLocation"
24
+ displayName: Install Guardian (Overridden)
25
+
26
+ - ${{ if eq(parameters.overrideGuardianVersion, '') }} :
27
+ - pwsh : |
28
+ Set-Location -Path $(Build.SourcesDirectory)\eng\common\sdl
29
+ . .\sdl.ps1
30
+ $guardianCliLocation = Install-Gdn -Path $(Build.SourcesDirectory)\.artifacts
31
+ Write-Host "##vso[task.setvariable variable=GuardianCliLocation]$guardianCliLocation"
32
+ displayName: Install Guardian
34
33
35
34
- ${{ if ne(parameters.overrideParameters, '') }} :
36
35
- powershell : ${{ parameters.executeAllSdlToolsScript }} ${{ parameters.overrideParameters }}
40
39
41
40
- ${{ if eq(parameters.overrideParameters, '') }} :
42
41
- powershell : ${{ parameters.executeAllSdlToolsScript }}
43
- -GuardianPackageName Microsoft.Guardian.Cli.$(GuardianVersion )
42
+ -GuardianCliLocation $(GuardianCliLocation )
44
43
-NugetPackageDirectory $(Build.SourcesDirectory)\.packages
45
44
-AzureDevOpsAccessToken $(dn-bot-dotnet-build-rw-code-rw)
46
45
${{ parameters.additionalParameters }}
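Review bot: In the "Install Guardian (Overridden)" step, `${{ parameters.overrideGuardianVersion }}` is spliced into the pwsh script text at template expansion, so a value containing a space, quote or `;` is parsed as PowerShell instead of being passed as a version string. Pass it through the step environment instead: add `env:` with `GUARDIAN_VERSION_OVERRIDE: ${{ parameters.overrideGuardianVersion }}` to the step and call `Install-Gdn ... -Version $env:GUARDIAN_VERSION_OVERRIDE`, ideally after checking that the value looks like a version. The default branch now calls `Install-Gdn` with no `-Version`, so the pin that packages.config used to carry presumably lives in sdl.ps1, which is not visible here; it is worth confirming that it resolves to an exact version and not to whatever the feed currently serves. Both install steps also publish `$guardianCliLocation` through `task.setvariable` without checking that it is a single non-empty path, so a failed or noisy `Install-Gdn` would only surface later in the SDL script.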
@@ -62,7 +61,28 @@ steps:
62
61
c
63
62
i
64
63
condition : succeededOrFailed()
64
+
65
65
- publish : $(Agent.BuildDirectory)/.gdn
66
66
artifact : GuardianConfiguration
67
67
displayName : Publish GuardianConfiguration
68
+ condition : succeededOrFailed()
69
+
70
+ # Publish the SARIF files in a container named CodeAnalysisLogs to enable integration
71
+ # with the "SARIF SAST Scans Tab" Azure DevOps extension
72
+ - task : CopyFiles@2
73
+ displayName : Copy SARIF files
74
+ inputs :
75
+ flattenFolders : true
76
+ sourceFolder : $(Agent.BuildDirectory)/.gdn/rc/
77
+ contents : ' **/*.sarif'
78
+ targetFolder : $(Build.SourcesDirectory)/CodeAnalysisLogs
79
+ condition : succeededOrFailed()
80
+
81
+ # Use PublishBuildArtifacts because the SARIF extension only checks this case
82
+ # see microsoft/sarif-azuredevops-extension#4
83
+ - task : PublishBuildArtifacts@1
84
+ displayName : Publish SARIF files to CodeAnalysisLogs container
85
+ inputs :
86
+ pathToPublish : $(Build.SourcesDirectory)/CodeAnalysisLogs
87
+ artifactName : CodeAnalysisLogs
68
88
condition : succeededOrFailed()
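Review bot: The "Copy SARIF files" step sets `flattenFolders: true`, so SARIF files that share a name in different tool folders under `.gdn/rc/` collapse onto one path, and one tool's findings can be missing from the CodeAnalysisLogs container without any error. If the SARIF extension tolerates subfolders, keep the folder structure; otherwise confirm that the file names are unique per tool. The copy also targets `$(Build.SourcesDirectory)/CodeAnalysisLogs`, inside the checkout; `targetFolder: $(Build.ArtifactStagingDirectory)/CodeAnalysisLogs`, with the matching `pathToPublish`, would keep scan output out of the tree that later steps may scan or package. If any of the Guardian tools is a credential scanner, the SARIF may quote the matched text, so check who can read this artifact before it is published on every run.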