[ApiScan] Store log files and error on issues. (#832)

xamarin · Jan 5, 2024 · 52b70c3 · 52b70c3
1 parent 6f90479
commit 52b70c3
Showing 1 changed file with 35 additions and 1 deletion.
diff --git a/build/ci/api-scan.yml b/build/ci/api-scan.yml
@@ -15,14 +15,23 @@ steps:
     OverWrite: true
     flattenFolders: true
   condition: and(succeeded(), eq(variables['runAPIScan'], 'true'), eq('refs/heads/${{ parameters.mainBranchName }}', variables['Build.SourceBranch']))
+
+- task: CmdLine@2
+  displayName: 'Remove System assemblies from APIScan'
+  inputs:
+    script: |
+      del ${{ parameters.apiScanDirectory }}\System.*
+      del ${{ parameters.apiScanDirectory }}\mscorlib.dll
+      del ${{ parameters.apiScanDirectory }}\netstandard.dll
+  condition: and(succeeded(), eq(variables['runAPIScan'], 'true'), eq('refs/heads/${{ parameters.mainBranchName }}', variables['Build.SourceBranch']))
 
 - task: CmdLine@2
   displayName: 'List Files for APIScan'
   inputs:
     script: |
       tree ${{ parameters.apiScanDirectory }} /f        
   condition: and(succeeded(), eq(variables['runAPIScan'], 'true'), eq('refs/heads/${{ parameters.mainBranchName }}', variables['Build.SourceBranch']))
-        
+
  ### Run latest version of APIScan listed at https://www.1eswiki.com/wiki/APIScan_Build_Task
 - task: APIScan@2
   displayName: Run APIScan
@@ -35,3 +44,28 @@ steps:
   condition: and(succeeded(), eq(variables['runAPIScan'], 'true'), eq('refs/heads/${{ parameters.mainBranchName }}', variables['Build.SourceBranch']))
   env:
     AzureServicesAuthConnectionString: runAs=App;AppId=$(ApiScanClientId);TenantId=$(ApiScanTenant);AppKey=$(ApiScanSecret)
+
+- task: SdtReport@2
+  displayName: Guardian Export - Security Report
+  inputs:
+    GdnExportAllTools: false
+    GdnExportGdnToolApiScan: true
+    GdnExportOutputSuppressionFile: source.gdnsuppress
+  condition: and(eq(variables['runAPIScan'], 'true'), eq('refs/heads/${{ parameters.mainBranchName }}', variables['Build.SourceBranch']))
+
+- task: PublishSecurityAnalysisLogs@3
+  displayName: Publish Guardian Artifacts
+  inputs:
+    ArtifactName: APIScan Logs
+    ArtifactType: Container
+    AllTools: false
+    APIScan: true
+    ToolLogsNotFoundAction: Warning
+  condition: and(eq(variables['runAPIScan'], 'true'), eq('refs/heads/${{ parameters.mainBranchName }}', variables['Build.SourceBranch']))
+
+- task: PostAnalysis@2
+  displayName: Fail Build on Guardian Issues
+  inputs:
+    GdnBreakAllTools: false
+    GdnBreakGdnToolApiScan: true
+  condition: and(eq(variables['runAPIScan'], 'true'), eq('refs/heads/${{ parameters.mainBranchName }}', variables['Build.SourceBranch']))