From 713c01d9670b3d4fbd7f996c04dd72153c1bcd41 Mon Sep 17 00:00:00 2001 From: Filippo Banno Date: Tue, 15 Sep 2020 14:52:36 +0100 Subject: [PATCH] Run Component Detection after build with correct options --- tools/ci/templates/jobs-cslib-release-build.yaml | 10 +++++++++- tools/ci/templates/jobs-cslib-release-pack.yaml | 2 ++ .../templates/jobs-mrwebrtc-release-build.yaml | 16 +++++++++------- .../ci/templates/jobs-mrwebrtc-release-pack.yaml | 2 ++ tools/ci/templates/jobs-unity-package.yaml | 2 ++ 5 files changed, 24 insertions(+), 8 deletions(-) diff --git a/tools/ci/templates/jobs-cslib-release-build.yaml b/tools/ci/templates/jobs-cslib-release-build.yaml index b5db8e63e..dc74202af 100644 --- a/tools/ci/templates/jobs-cslib-release-build.yaml +++ b/tools/ci/templates/jobs-cslib-release-build.yaml @@ -14,7 +14,7 @@ parameters: displayName: 'Clean build' type: boolean default: true - + jobs: # Compile Microsoft.MixedReality.WebRTC.dll @@ -34,6 +34,14 @@ jobs: arguments: '-f netstandard2.0 --no-incremental -c Release' workingDirectory: 'libs/Microsoft.MixedReality.WebRTC' + # Run component detection + - task: ms.vss-governance-buildtask.governance-build-task-component-detection.ComponentGovernanceComponentDetection@0 + displayName: 'Component Detection' + inputs: + sourceScanPath: '$(Build.SourcesDirectory)' + scanType: 'Register' + failOnAlert: true + # # Download mrwebrtc.dll (Win32-x64-buildConfig) for testing # - ${{ if eq(parameters.withTesting, 'true') }}: # - task: DownloadPipelineArtifact@2 diff --git a/tools/ci/templates/jobs-cslib-release-pack.yaml b/tools/ci/templates/jobs-cslib-release-pack.yaml index 6e4b9f43d..fc8d0cf82 100644 --- a/tools/ci/templates/jobs-cslib-release-pack.yaml +++ b/tools/ci/templates/jobs-cslib-release-pack.yaml @@ -127,6 +127,8 @@ jobs: displayName: 'Component Detection before signing' inputs: sourceScanPath: '$(Build.BinariesDirectory)' + scanType: 'Register' + failOnAlert: true # Sign package content - task: DownloadSecureFile@1 diff --git a/tools/ci/templates/jobs-mrwebrtc-release-build.yaml b/tools/ci/templates/jobs-mrwebrtc-release-build.yaml index 568cce233..3f929316a 100644 --- a/tools/ci/templates/jobs-mrwebrtc-release-build.yaml +++ b/tools/ci/templates/jobs-mrwebrtc-release-build.yaml @@ -85,7 +85,7 @@ jobs: submodules: recursive fetchDepth: '50' clean: ${{parameters.clean}} - + # Generate custom .vcxproj to skip any NuGet package related to webrtc.lib, since this pipeline # is recompiling libwebrtc from sources. This saves both build time and disk space. - task: PowerShell@2 @@ -142,12 +142,6 @@ jobs: workingDirectory: 'external/webrtc-uwp-sdk/webrtc/xplatform' displayName: 'Clean-up unused files' - # Run component detection - - task: ms.vss-governance-buildtask.governance-build-task-component-detection.ComponentGovernanceComponentDetection@0 - displayName: 'Component Detection' - inputs: - sourceScanPath: '$(Build.SourcesDirectory)' - # Build webrtc.lib - task: PythonScript@0 displayName: 'Build webrtc.lib' @@ -181,6 +175,14 @@ jobs: configuration: '${{parameters.buildConfig}}' timeoutInMinutes: 20 + # Run component detection + - task: ms.vss-governance-buildtask.governance-build-task-component-detection.ComponentGovernanceComponentDetection@0 + displayName: 'Component Detection' + inputs: + sourceScanPath: '$(Build.SourcesDirectory)' + scanType: 'Register' + failOnAlert: true + # Stage artifacts - task: CopyFiles@2 displayName: 'Stage mrwebrtc artifacts' diff --git a/tools/ci/templates/jobs-mrwebrtc-release-pack.yaml b/tools/ci/templates/jobs-mrwebrtc-release-pack.yaml index 411b13375..b52301325 100644 --- a/tools/ci/templates/jobs-mrwebrtc-release-pack.yaml +++ b/tools/ci/templates/jobs-mrwebrtc-release-pack.yaml @@ -178,6 +178,8 @@ jobs: displayName: 'Component Detection before signing' inputs: sourceScanPath: '$(Build.BinariesDirectory)' + scanType: 'Register' + failOnAlert: true # Sign package content - task: DownloadSecureFile@1 diff --git a/tools/ci/templates/jobs-unity-package.yaml b/tools/ci/templates/jobs-unity-package.yaml index 201196f5c..001e43b3c 100644 --- a/tools/ci/templates/jobs-unity-package.yaml +++ b/tools/ci/templates/jobs-unity-package.yaml @@ -121,6 +121,8 @@ jobs: displayName: 'Component Detection before signing' inputs: sourceScanPath: 'libs/unity' + scanType: 'Register' + failOnAlert: true # Sign library package content - task: DownloadSecureFile@1