From 9e343dc7567092e2082f37fb8e24aafed5e2b7a0 Mon Sep 17 00:00:00 2001
From: Eric Johnson
Date: Wed, 4 Sep 2024 16:31:30 -0700
Subject: [PATCH] Update pipeline for compliance (#438)
---
 build/azure-pipelines.yml | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)
diff --git a/build/azure-pipelines.yml b/build/azure-pipelines.yml
index 953f00d..258e006 100644
--- a/build/azure-pipelines.yml
+++ b/build/azure-pipelines.yml
@@ -38,6 +38,12 @@ extends:
 sdl:
 roslyn:
 enabled: true
+ binskim:
+ break: false
+ scanOutputDirectoryOnly: true
+ policheck:
+ break: false
+ severity: Note
 arrow:
 serviceConnection: DevHome Build VM Generation
 baseline:
@@ -145,6 +151,16 @@ extends:
 filePath: 'build/scripts/Build.ps1'
 arguments: -Platform "${{ platform }}" -Configuration "${{ configuration }}" -Version $(MSIXVersion) -BuildStep "msix" -AzureBuildingBranch "$(BuildingBranch)" -IsAzurePipelineBuild -ClientId $(GitHubClientId) -ClientSecret $(GitHubClientSecret)
+ - task: PowerShell@2
+ displayName: Copy Binaries for Artifact Publishing
+ inputs:
+ targetType: inline
+ script: >-
+ New-Item -Path '$(Build.ArtifactStagingDirectory)\rawBinaries' -ItemType Directory
+
+ Get-ChildItem -Path "$(Build.SourcesDirectory)\buildoutput\*" -Include *.dll,*.exe,*.pdb -Recurse | Copy-Item -Destination "$(Build.ArtifactStagingDirectory)\rawBinaries" -verbose
+ pwsh: true
+
 - template: ./build/templates/EsrpSigning-Steps.yml@self
 parameters:
 displayName: Submit *.msix to ESRP for code signing
@@ -267,6 +283,10 @@ extends:
 targetPath: $(appxPackageDir)\${{ configuration }}
 sbomPackageName: devhomegithubextension.msixpackage
 sbomPackageVersion: $(MSIXVersion)
+ - output: pipelineArtifact
+ displayName: 'Publish Binaries'
+ artifactName: binaries_${{ platform }}_${{ configuration }}
+ targetPath: $(Build.ArtifactStagingDirectory)\rawBinaries
 - stage: Build_MsixBundle
 dependsOn: Build_Msix
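Review bot: Both new scanners in the `sdl` hunk are advisory only: `break: false` under `binskim` and under `policheck` means a finding is reported but never fails the run. If that is a temporary setting while existing findings are triaged, say so beside it, e.g. `# TODO: set break: true once the current findings are baselined`, so it does not quietly become permanent. Unlike `roslyn`, neither block sets `enabled: true`; presumably the extended template turns them on by default, but the template is not visible here, so that is worth confirming. `scanOutputDirectoryOnly: true` also narrows what BinSkim sees, so the scan is only as complete as the outputs the pipeline declares.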
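Review bot: The added "Copy Binaries for Artifact Publishing" step succeeds when nothing matches. If `buildoutput` is empty or its path changes, `Get-ChildItem` yields no files, `rawBinaries` stays empty, and the later binary scan has nothing to inspect while the run stays green. Copying a recursive listing into one flat directory also lets same-named files from different subfolders overwrite each other, so the staged set may not match what was built. I would fail the step on an empty result and replace the folded `>-` scalar, which keeps the two commands apart only because of the blank line between them, with a literal `|` block; the page has lost the file's indentation, so the fence below is indented relative to `script:`.

```yaml
# … unchanged: task, displayName, targetType: inline …
script: |
  $dest = '$(Build.ArtifactStagingDirectory)\rawBinaries'
  New-Item -Path $dest -ItemType Directory -Force | Out-Null
  $files = Get-ChildItem -Path '$(Build.SourcesDirectory)\buildoutput\*' -Include *.dll,*.exe,*.pdb -Recurse
  if (-not $files) { throw 'No binaries found under buildoutput' }
  $files | Copy-Item -Destination $dest -Verbose
# … unchanged: pwsh: true …
```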
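Review bot: The new `Publish Binaries` output makes `*.dll`, `*.exe` and `*.pdb` files downloadable as a pipeline artifact, and nothing marks it as scan-only. The files are copied before the ESRP signing template shown in the earlier hunk's context, so they are presumably unsigned; a comment above the entry such as `# Raw binaries for SDL scanning only; unsigned, do not release` would keep the artifact from being consumed downstream. The sibling output in the context sets `sbomPackageName` and `sbomPackageVersion` while this one sets neither, so confirm the template defaults are acceptable here. If Build.ps1 embeds the `-ClientSecret` value it is passed, access to and retention of this artifact deserve the same care as the secret itself.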