compliance.yaml
# Repository resources and triggers for the compliance pipeline.
resources:
  repositories:
  # The pipeline's own repository, declared with submodules turned off.
  - repository: self
    checkoutOptions:
      submodules: false

# Neither pull requests nor pushes start this pipeline, so the scans below do
# not gate incoming changes.
# NOTE(review): no schedule is visible in this file; confirm that a scheduled
# or manual run actually exercises these checks regularly.
pr: none
trigger: none
jobs:
# Build job: compiles the editor project with CodeQL enabled.
- job: Build
  pool:
    # Floating hosted image; the toolchain can change between runs.
    vmImage: 'macos-latest'
  variables:
  # CodeQL is switched on for C# and configured to report to TSA using the
  # options file checked into the repository.
  - name: Codeql.Enabled
    value: true
  - name: Codeql.Language
    value: csharp
  - name: Codeql.TSAEnabled
    value: true
  - name: Codeql.TSAOptionsPath
    value: '$(Build.SourcesDirectory)/.config/tsaoptions.json'
  steps:
  # Feed credentials are set up before the build step runs.
  - task: NuGetAuthenticate@0
    displayName: Authenticate NuGet feeds
    inputs:
      forceReinstallCredentialProvider: true
  # CodeQL Init and Finalize bracket the build step.
  # NOTE(review): only Editor/MonoDevelop.Xml.Editor.csproj is built here, so
  # code outside that project's build graph is presumably not analysed;
  # confirm the intended coverage.
  - task: CodeQL3000Init@0
  - task: DotNetCoreCLI@2
    displayName: Build and Package
    inputs:
      command: build
      projects: Editor/MonoDevelop.Xml.Editor.csproj
      arguments: '-c Release'
  - task: CodeQL3000Finalize@0
# Analysis job: runs CredScan and PoliCheck, builds a report, uploads results
# to TSA and publishes the tool logs.
- job: Analysis_Job
  displayName: Analysis
  pool: VSEngStaticAnalysis-Test
  timeoutInMinutes: 300
  variables:
  - name: DOTNET_ROOT
    value: /root/.dotnet
  # Not required for Analysis. Avoids false positives being found in
  # vs-editor-api samples.
  - name: skipComponentGovernanceDetection
    value: true
  steps:
  # To get npm installed on the machine for the guardian tools to use
  # NOTE(review): no versionSpec input is given and the display name says 6.x.
  # Node 6 is end-of-life and no longer receives security fixes; confirm
  # whether the guardian tools run on a supported release.
  - task: NodeTool@0
    displayName: 'Use Node 6.x'
  # Initialises every submodule, including nested ones, from whatever URLs
  # the repository's .gitmodules files list.
  - task: PowerShell@2
    displayName: Checkout Submodules
    inputs:
      targetType: 'inline'
      script: |
        # Enlist into all of the submodules
        git submodule update --init --recursive
    # The job's access token is mapped into this step's environment, but the
    # inline script above never references SYSTEM_ACCESSTOKEN.
    # NOTE(review): confirm something in the submodule fetch consumes it;
    # otherwise drop the mapping so the step runs with least privilege.
    env:
      SYSTEM_ACCESSTOKEN: $(System.AccessToken)
  # Secret scanning. continueOnError is false, so a failure of this task
  # stops the job.
  - task: CredScan@3
    displayName: Run CredScan
    continueOnError: false
    inputs:
      outputFormat: pre
  # PoliCheck scans the whole sources directory, with exclusions read from
  # a suppression file kept in the repository.
  - task: PoliCheck@2
    inputs:
      inputType: 'Basic'
      targetType: 'F'
      targetArgument: '$(Build.SourcesDirectory)'
      result: 'PoliCheck.xml'
      optionsUEPATH: '$(Build.SourcesDirectory)/SuppressionFiles/PoliCheckExclusions.xml'
  # The report covers CredScan and PoliCheck only (GdnExportAllTools: false).
  - task: SdtReport@2
    displayName: 'Create security analysis report'
    inputs:
      GdnExportAllTools: false
      GdnExportGdnToolCredScan: true
      GdnExportGdnToolPoliCheck: true
  - task: TSAUpload@2
    displayName: Upload Results to TSA
    inputs:
      GdnPublishTsaOnboard: true
      GdnPublishTsaConfigFile: '$(Build.SourcesDirectory)/.config/tsaoptions.json'
  # Runs even when an earlier step failed (succeededOrFailed()).
  # NOTE(review): GdnBreakAllTools presumably breaks on any tool's findings,
  # but continueOnError: true keeps a failure here from failing the job, so
  # findings warn rather than block; confirm that is intended.
  - task: PostAnalysis@2
    displayName: Run Security Post Analysis
    inputs:
      GdnBreakAllTools: true
    continueOnError: true
    condition: succeededOrFailed()
  # Publishes the logs of all tools as the CodeAnalysisLogs artifact.
  # NOTE(review): CredScan output may point at detected secrets; confirm
  # access to this artifact is restricted accordingly.
  - task: PublishSecurityAnalysisLogs@3
    displayName: Publish Code Analysis Logs
    inputs:
      ArtifactName: CodeAnalysisLogs
      ArtifactType: Container
      PublishProcessedResults: true
      AllTools: true
      ToolLogsNotFoundAction: Standard