Skip to content

Commit

Permalink
Enable APIScan (#450)
Browse files Browse the repository at this point in the history
  • Loading branch information
EricJohnson327 authored Sep 25, 2024
1 parent 8664939 commit d23d104
Show file tree
Hide file tree
Showing 2 changed files with 41 additions and 18 deletions.
59 changes: 41 additions & 18 deletions build/azure-pipelines.yml
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,10 @@ parameters:
- name: SignOutput
type: boolean
default: False
- name: APIScanDisabled
displayName: "Disable API Scan"
type: boolean
default: false
- name: Platforms
type: object
default:
Expand All @@ -25,6 +29,12 @@ variables:
appxPackageDir: 'AppxPackages'
testOutputArtifactDir: 'TestResults'

# APIScan only runs in release mode in the release branch
${{ if eq(variables['Build.SourceBranchName'], 'release') }}:
apiscanMode: release
${{ else }}:
apiscanMode: prerelease

resources:
repositories:
- repository: m365Pipelines
Expand Down Expand Up @@ -201,24 +211,6 @@ extends:
}
]
# Commented out until our implementation is fixed
# - task: AzureKeyVault@1
# inputs:
# azureSubscription: 'DevHomeAzureServiceConnection'
# KeyVaultName: 'DevHomeKeyVault'
# SecretsFilter: 'ApiScanConnectionString'
# RunAsPreJob: false

# - task: APIScan@2
# inputs:
# softwareFolder: '$(Build.StagingDirectory)'
# softwareName: 'Dev Home GitHub Extension'
# softwareVersionNum: '1.0'
# softwareBuildNum: '$(Build.BuildId)'
# symbolsFolder: 'SRV*http://symweb'
# env:
# AzureServicesAuthConnectionString: $(ApiScanConnectionString)

- task: Windows Application Driver@0
condition: and(always(), ne('${{ platform}}', 'arm64'))
inputs:
Expand Down Expand Up @@ -261,6 +253,37 @@ extends:
SymbolServerType: TeamServices
SymbolsProduct: DevHomeGitHubExtension

# Only run APIScan for non-arm release to avoid duplicate results unless it is disabled.
# Copy surrogate file to binary directory to use relative paths which are not architecture dependent.
- task: CopyFiles@2
condition: and(ne('${{ platform }}', 'arm64'), eq('${{ configuration }}', 'release'), ne(${{ parameters.APIScanDisabled }}, true))
inputs:
SourceFolder: '$(Build.SourcesDirectory)\build'
Contents: 'surrogate.xml'
TargetFolder: '$(Build.ArtifactStagingDirectory)\rawBinaries'

- task: APIScan@2
displayName: Run APIScan
condition: and(ne('${{ platform }}', 'arm64'), eq('${{ configuration }}', 'release'), ne(${{ parameters.APIScanDisabled }}, true))
inputs:
softwareFolder: '$(appxPackageDir)\${{ configuration }}'
softwareName: 'Dev Home GitHub Extension'
softwareVersionNum: '1.0'
softwareBuildNum: '$(Build.BuildId)'
isLargeApp: false
toolVersion: 'Latest'
# PAT required to get debug symbols on 1ES VM.
symbolsFolder: '$(Build.ArtifactStagingDirectory)\rawBinaries'
# Use surrogate.xml to map release binaries in the MSIX to debug binaries for APIScan.
# surrogate.xml can be created by using SurrogateGenerator.ps1 PowerShell script.
surrogateConfigurationFolder: '$(Build.ArtifactStagingDirectory)\rawBinaries'
modeType: '$(apiscanMode)'
preserveLogsFolder: true
azureSubscription: DevHomeAzureServiceConnection
env:
AzureServicesAuthConnectionString: RunAs=App;AppId=$(AppId);TenantId=$(TenantId);ServiceConnectionId=$(ServiceConnectionId);
SYSTEM_ACCESSTOKEN: $(System.AccessToken)

templateContext:
outputs:
- output: pipelineArtifact
Expand Down
Binary file added build/surrogate.xml
Binary file not shown.

0 comments on commit d23d104

Please sign in to comment.