From c371635379bc55ea7f213605f60aeaba970727de Mon Sep 17 00:00:00 2001 From: Peter Collins Date: Tue, 9 Jan 2024 15:41:46 -0800 Subject: [PATCH 01/24] [ci] Add API Scan job Context: https://devdiv.visualstudio.com/DevDiv/_wiki/wikis/DevDiv.wiki/25351/APIScan-step-by-step-guide-to-setting-up-a-Pipeline The ApiScan task has been added to pipeline runs against `main`. This task should help us identify related issues earlier, rather than having to wait for a full scan of VS. --- azure-pipelines.yml | 70 +++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 70 insertions(+) diff --git a/azure-pipelines.yml b/azure-pipelines.yml index ff3ae3cc..07712f50 100644 --- a/azure-pipelines.yml +++ b/azure-pipelines.yml @@ -3,6 +3,7 @@ trigger: include: - main - refs/tags/* + resources: repositories: - repository: internal-templates @@ -10,10 +11,16 @@ resources: name: xamarin/yaml-templates endpoint: xamarin ref: refs/heads/main + +parameters: +- name: ApiScanSourceBranch + default: 'refs/heads/main' + variables: - group: Xamarin-Secrets - name: DisablePipelineConfigDetector value: true + stages: - stage: Build jobs: @@ -277,6 +284,69 @@ stages: signListPath: 'SignList.xml' condition: startsWith(variables['Build.SourceBranch'], 'refs/tags/') + - stage: compliance_scan + displayName: Compliance + dependsOn: Build + condition: and(eq(dependencies.Build.result, 'Succeeded'), eq(variables['Build.SourceBranch'], '${{ parameters.ApiScanSourceBranch }}')) + jobs: + - job: api_scan + displayName: API Scan + pool: + name: Azure Pipelines + vmImage: windows-2022 + timeoutInMinutes: 480 + workspace: + clean: all + steps: + - task: DownloadBuildArtifacts@0 + displayName: download artifacts + inputs: + artifactName: NuGet + downloadPath: $(Build.StagingDirectory) + + - task: ExtractFiles@1 + displayName: Extract nuget + inputs: + archiveFilePatterns: $(Build.StagingDirectory)\*.nupkg + destinationFolder: $(Build.StagingDirectory)\apiscan + + - powershell: Get-ChildItem -Path "$(Build.StagingDirectory)\apiscan" -Recurse + displayName: List Files for APIScan + + - task: APIScan@2 + displayName: Run APIScan + inputs: + softwareFolder: $(Build.StagingDirectory)\apiscan + symbolsFolder: 'SRV*http://symweb;$(Build.StagingDirectory)\apiscan' + softwareName: $(ApiScanName) + softwareVersionNum: $(Build.SourceBranchName)-$(Build.SourceVersion)$(System.JobAttempt) + isLargeApp: true + toolVersion: Latest + env: + AzureServicesAuthConnectionString: runAs=App;AppId=$(ApiScanClientId);TenantId=$(ApiScanTenant);AppKey=$(ApiScanSecret) + + - task: SdtReport@2 + displayName: Guardian Export - Security Report + inputs: + GdnExportAllTools: false + GdnExportGdnToolApiScan: true + GdnExportOutputSuppressionFile: source.gdnsuppress + + - task: PublishSecurityAnalysisLogs@3 + displayName: Publish Guardian Artifacts + inputs: + ArtifactName: APIScan Logs + ArtifactType: Container + AllTools: false + APIScan: true + ToolLogsNotFoundAction: Warning + + - task: PostAnalysis@2 + displayName: Fail Build on Guardian Issues + inputs: + GdnBreakAllTools: false + GdnBreakGdnToolApiScan: true + - stage: Localization dependsOn: [] condition: and(eq(variables['System.TeamProject'], 'DevDiv'), eq(variables['Build.SourceBranch'], 'refs/heads/main')) From ad17af3e46a3b31c2c29e1dd533544dc38cba3d2 Mon Sep 17 00:00:00 2001 From: Peter Collins Date: Wed, 10 Jan 2024 14:24:02 -0800 Subject: [PATCH 02/24] Bump to microsoft/vcpkg@c8696863d3 Changes: https://github.com/microsoft/vcpkg/compare/94ce0dab56f4d8ba6bd631ba59ed682b02d45c46...c8696863d371ab7f46e213d8f5ca923c4aef2a00 --- external/vcpkg | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/external/vcpkg b/external/vcpkg index 94ce0dab..c8696863 160000 --- a/external/vcpkg +++ b/external/vcpkg @@ -1 +1 @@ -Subproject commit 94ce0dab56f4d8ba6bd631ba59ed682b02d45c46 +Subproject commit c8696863d371ab7f46e213d8f5ca923c4aef2a00 From 35ba602bdc22022330e590c66cb2e08bc4482fb8 Mon Sep 17 00:00:00 2001 From: Peter Collins Date: Thu, 11 Jan 2024 15:48:55 -0800 Subject: [PATCH 03/24] Fix nuget extract --- azure-pipelines.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/azure-pipelines.yml b/azure-pipelines.yml index 07712f50..258f4ae2 100644 --- a/azure-pipelines.yml +++ b/azure-pipelines.yml @@ -307,7 +307,7 @@ stages: - task: ExtractFiles@1 displayName: Extract nuget inputs: - archiveFilePatterns: $(Build.StagingDirectory)\*.nupkg + archiveFilePatterns: $(Build.StagingDirectory)\**\*.nupkg destinationFolder: $(Build.StagingDirectory)\apiscan - powershell: Get-ChildItem -Path "$(Build.StagingDirectory)\apiscan" -Recurse From 4fea5a39e7c6c4d6ad0b08d4007541e3e4234fcb Mon Sep 17 00:00:00 2001 From: Peter Collins Date: Fri, 26 Jan 2024 12:20:49 -0800 Subject: [PATCH 04/24] Test exclusionlist --- azure-pipelines.yml | 1 + build-tools/automation/ApiScanExclusionList.xml | 9 +++++++++ 2 files changed, 10 insertions(+) create mode 100644 build-tools/automation/ApiScanExclusionList.xml diff --git a/azure-pipelines.yml b/azure-pipelines.yml index 258f4ae2..8a991e97 100644 --- a/azure-pipelines.yml +++ b/azure-pipelines.yml @@ -320,6 +320,7 @@ stages: symbolsFolder: 'SRV*http://symweb;$(Build.StagingDirectory)\apiscan' softwareName: $(ApiScanName) softwareVersionNum: $(Build.SourceBranchName)-$(Build.SourceVersion)$(System.JobAttempt) + exclusionList: $(Build.SourcesDirectory)/build-tools/automation/ApiScanExclusionList.txt isLargeApp: true toolVersion: Latest env: diff --git a/build-tools/automation/ApiScanExclusionList.xml b/build-tools/automation/ApiScanExclusionList.xml new file mode 100644 index 00000000..d7351415 --- /dev/null +++ b/build-tools/automation/ApiScanExclusionList.xml @@ -0,0 +1,9 @@ + + + + + + + + + From 95464f4c2ab474a2a1964bbc10633fe3b6fdee74 Mon Sep 17 00:00:00 2001 From: Peter Collins Date: Fri, 26 Jan 2024 12:33:21 -0800 Subject: [PATCH 05/24] Generate exclusion list --- .gitignore | 2 +- LibZipSharp/libZipSharp.targets | 7 +++++++ azure-pipelines.yml | 8 +++++++- ...iScanExclusionList.xml => ApiScanExclusionList.in.xml} | 2 +- 4 files changed, 16 insertions(+), 3 deletions(-) rename build-tools/automation/{ApiScanExclusionList.xml => ApiScanExclusionList.in.xml} (77%) diff --git a/.gitignore b/.gitignore index b8c73823..e41214b0 100644 --- a/.gitignore +++ b/.gitignore @@ -52,4 +52,4 @@ TestResult.xml artifacts lzsbuild .ccls-cache - \ No newline at end of file +ApiScanExclusionList.gen.xml diff --git a/LibZipSharp/libZipSharp.targets b/LibZipSharp/libZipSharp.targets index b3983aa2..805d2335 100644 --- a/LibZipSharp/libZipSharp.targets +++ b/LibZipSharp/libZipSharp.targets @@ -54,4 +54,11 @@ DestinationFile="$(ConstantsOutFile)" Replacements="@(Replacement)" /> + + + + diff --git a/azure-pipelines.yml b/azure-pipelines.yml index 8a991e97..4f00fe92 100644 --- a/azure-pipelines.yml +++ b/azure-pipelines.yml @@ -313,6 +313,12 @@ stages: - powershell: Get-ChildItem -Path "$(Build.StagingDirectory)\apiscan" -Recurse displayName: List Files for APIScan + - task: DotNetCoreCLI@2 + displayName: Generate exclusion list + inputs: + projects: LibZipSharp/libZipSharp.csproj + arguments: -v:n -t:GenerateApiScanExclusions + - task: APIScan@2 displayName: Run APIScan inputs: @@ -320,7 +326,7 @@ stages: symbolsFolder: 'SRV*http://symweb;$(Build.StagingDirectory)\apiscan' softwareName: $(ApiScanName) softwareVersionNum: $(Build.SourceBranchName)-$(Build.SourceVersion)$(System.JobAttempt) - exclusionList: $(Build.SourcesDirectory)/build-tools/automation/ApiScanExclusionList.txt + exclusionList: $(Build.SourcesDirectory)/build-tools/automation/ApiScanExclusionList.gen.xml isLargeApp: true toolVersion: Latest env: diff --git a/build-tools/automation/ApiScanExclusionList.xml b/build-tools/automation/ApiScanExclusionList.in.xml similarity index 77% rename from build-tools/automation/ApiScanExclusionList.xml rename to build-tools/automation/ApiScanExclusionList.in.xml index d7351415..ddd0ff78 100644 --- a/build-tools/automation/ApiScanExclusionList.xml +++ b/build-tools/automation/ApiScanExclusionList.in.xml @@ -2,7 +2,7 @@ - + From b40b13215ccf2988118d91039ef4f41c265c03e7 Mon Sep 17 00:00:00 2001 From: Peter Collins Date: Fri, 26 Jan 2024 13:04:07 -0800 Subject: [PATCH 06/24] Match version --- azure-pipelines.yml | 2 +- build-tools/automation/ApiScanExclusionList.in.xml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/azure-pipelines.yml b/azure-pipelines.yml index 4f00fe92..11a31721 100644 --- a/azure-pipelines.yml +++ b/azure-pipelines.yml @@ -325,7 +325,7 @@ stages: softwareFolder: $(Build.StagingDirectory)\apiscan symbolsFolder: 'SRV*http://symweb;$(Build.StagingDirectory)\apiscan' softwareName: $(ApiScanName) - softwareVersionNum: $(Build.SourceBranchName)-$(Build.SourceVersion)$(System.JobAttempt) + softwareVersionNum: 3.1 exclusionList: $(Build.SourcesDirectory)/build-tools/automation/ApiScanExclusionList.gen.xml isLargeApp: true toolVersion: Latest diff --git a/build-tools/automation/ApiScanExclusionList.in.xml b/build-tools/automation/ApiScanExclusionList.in.xml index ddd0ff78..5db6f435 100644 --- a/build-tools/automation/ApiScanExclusionList.in.xml +++ b/build-tools/automation/ApiScanExclusionList.in.xml @@ -1,6 +1,6 @@ - + From c8c7e71be48386bbe6f893048d8ae54311508760 Mon Sep 17 00:00:00 2001 From: Peter Collins Date: Mon, 5 Feb 2024 16:30:42 -0800 Subject: [PATCH 07/24] Revert exclusion list tests --- .gitignore | 2 +- LibZipSharp/libZipSharp.targets | 7 ------- azure-pipelines.yml | 9 +-------- build-tools/automation/ApiScanExclusionList.in.xml | 9 --------- 4 files changed, 2 insertions(+), 25 deletions(-) delete mode 100644 build-tools/automation/ApiScanExclusionList.in.xml diff --git a/.gitignore b/.gitignore index e41214b0..b8c73823 100644 --- a/.gitignore +++ b/.gitignore @@ -52,4 +52,4 @@ TestResult.xml artifacts lzsbuild .ccls-cache -ApiScanExclusionList.gen.xml + \ No newline at end of file diff --git a/LibZipSharp/libZipSharp.targets b/LibZipSharp/libZipSharp.targets index 805d2335..b3983aa2 100644 --- a/LibZipSharp/libZipSharp.targets +++ b/LibZipSharp/libZipSharp.targets @@ -54,11 +54,4 @@ DestinationFile="$(ConstantsOutFile)" Replacements="@(Replacement)" /> - - - - diff --git a/azure-pipelines.yml b/azure-pipelines.yml index 11a31721..258f4ae2 100644 --- a/azure-pipelines.yml +++ b/azure-pipelines.yml @@ -313,20 +313,13 @@ stages: - powershell: Get-ChildItem -Path "$(Build.StagingDirectory)\apiscan" -Recurse displayName: List Files for APIScan - - task: DotNetCoreCLI@2 - displayName: Generate exclusion list - inputs: - projects: LibZipSharp/libZipSharp.csproj - arguments: -v:n -t:GenerateApiScanExclusions - - task: APIScan@2 displayName: Run APIScan inputs: softwareFolder: $(Build.StagingDirectory)\apiscan symbolsFolder: 'SRV*http://symweb;$(Build.StagingDirectory)\apiscan' softwareName: $(ApiScanName) - softwareVersionNum: 3.1 - exclusionList: $(Build.SourcesDirectory)/build-tools/automation/ApiScanExclusionList.gen.xml + softwareVersionNum: $(Build.SourceBranchName)-$(Build.SourceVersion)$(System.JobAttempt) isLargeApp: true toolVersion: Latest env: diff --git a/build-tools/automation/ApiScanExclusionList.in.xml b/build-tools/automation/ApiScanExclusionList.in.xml deleted file mode 100644 index 5db6f435..00000000 --- a/build-tools/automation/ApiScanExclusionList.in.xml +++ /dev/null @@ -1,9 +0,0 @@ - - - - - - - - - From 8a24201005c17f78e886ef5b071a9b358ebd29d1 Mon Sep 17 00:00:00 2001 From: Peter Collins Date: Tue, 6 Feb 2024 09:51:23 -0800 Subject: [PATCH 08/24] Increase verbosity --- azure-pipelines.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/azure-pipelines.yml b/azure-pipelines.yml index 258f4ae2..9798caa4 100644 --- a/azure-pipelines.yml +++ b/azure-pipelines.yml @@ -322,6 +322,9 @@ stages: softwareVersionNum: $(Build.SourceBranchName)-$(Build.SourceVersion)$(System.JobAttempt) isLargeApp: true toolVersion: Latest + preserveTempFiles: true + preserveLogsFolder: true + verbosityLevel: verbose env: AzureServicesAuthConnectionString: runAs=App;AppId=$(ApiScanClientId);TenantId=$(ApiScanTenant);AppKey=$(ApiScanSecret) From dbef831dea57f754dfa447911b144b3aee008d62 Mon Sep 17 00:00:00 2001 From: Peter Collins Date: Tue, 6 Feb 2024 15:41:02 -0800 Subject: [PATCH 09/24] Try profile flag --- CMakeLists.txt | 1 + 1 file changed, 1 insertion(+) diff --git a/CMakeLists.txt b/CMakeLists.txt index d75d7b35..f1d5c5db 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -576,6 +576,7 @@ else() target_link_options( ${PROJECT_NAME} PRIVATE + /PROFILE /wholearchive:$ ) endif() From 209c50332eb3be4bf9f01a3b72ce69dfcab2697d Mon Sep 17 00:00:00 2001 From: Peter Collins Date: Tue, 6 Feb 2024 18:41:51 -0800 Subject: [PATCH 10/24] Do not scan unsupported arm64 files --- azure-pipelines.yml | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/azure-pipelines.yml b/azure-pipelines.yml index 9798caa4..3163ac92 100644 --- a/azure-pipelines.yml +++ b/azure-pipelines.yml @@ -308,7 +308,15 @@ stages: displayName: Extract nuget inputs: archiveFilePatterns: $(Build.StagingDirectory)\**\*.nupkg - destinationFolder: $(Build.StagingDirectory)\apiscan + destinationFolder: $(Build.SourcesDirectory))\nuget + + - task: CopyFiles@2 + displayName: Collect Files for APIScan + inputs: + Contents: | + $(Build.SourcesDirectory))\nuget + !$(Build.SourcesDirectory)\**\runtimes\win-arm64\native\libzipsharpnative*.dll + TargetFolder: $(Build.StagingDirectory)\apiscan - powershell: Get-ChildItem -Path "$(Build.StagingDirectory)\apiscan" -Recurse displayName: List Files for APIScan From 61e9b5ed8b8dc0dfc95616bc9398fa330e861842 Mon Sep 17 00:00:00 2001 From: Peter Collins Date: Wed, 7 Feb 2024 17:01:39 -0800 Subject: [PATCH 11/24] Test exclusion list again --- .gitignore | 2 +- LibZipSharp/libZipSharp.targets | 12 ++++++++++++ azure-pipelines.yml | 10 +++++++++- build-tools/automation/ApiScanExclusionList.in.xml | 13 +++++++++++++ 4 files changed, 35 insertions(+), 2 deletions(-) create mode 100644 build-tools/automation/ApiScanExclusionList.in.xml diff --git a/.gitignore b/.gitignore index b8c73823..e41214b0 100644 --- a/.gitignore +++ b/.gitignore @@ -52,4 +52,4 @@ TestResult.xml artifacts lzsbuild .ccls-cache - \ No newline at end of file +ApiScanExclusionList.gen.xml diff --git a/LibZipSharp/libZipSharp.targets b/LibZipSharp/libZipSharp.targets index b3983aa2..558d2619 100644 --- a/LibZipSharp/libZipSharp.targets +++ b/LibZipSharp/libZipSharp.targets @@ -54,4 +54,16 @@ DestinationFile="$(ConstantsOutFile)" Replacements="@(Replacement)" /> + + + + <_ExclusionReplacement Include="@LibraryBaseFileName@=$(_NativeLibraryBaseName)" /> + <_ExclusionReplacement Include="@AssemblyVersion@=$(_LibZipSharpAssemblyVersion)" /> + + + + diff --git a/azure-pipelines.yml b/azure-pipelines.yml index 3163ac92..26090ae9 100644 --- a/azure-pipelines.yml +++ b/azure-pipelines.yml @@ -321,15 +321,23 @@ stages: - powershell: Get-ChildItem -Path "$(Build.StagingDirectory)\apiscan" -Recurse displayName: List Files for APIScan + - task: DotNetCoreCLI@2 + displayName: Generate exclusion list and set ApiScanVersion + inputs: + projects: LibZipSharp/libZipSharp.csproj + arguments: -v:n -t:GenerateApiScanExclusions + - task: APIScan@2 displayName: Run APIScan inputs: softwareFolder: $(Build.StagingDirectory)\apiscan symbolsFolder: 'SRV*http://symweb;$(Build.StagingDirectory)\apiscan' softwareName: $(ApiScanName) - softwareVersionNum: $(Build.SourceBranchName)-$(Build.SourceVersion)$(System.JobAttempt) + softwareVersionNum: $(ApiScanVersion) + exclusionList: $(Build.SourcesDirectory)/build-tools/automation/ApiScanExclusionList.gen.xml isLargeApp: true toolVersion: Latest + modeType: prerelease preserveTempFiles: true preserveLogsFolder: true verbosityLevel: verbose diff --git a/build-tools/automation/ApiScanExclusionList.in.xml b/build-tools/automation/ApiScanExclusionList.in.xml new file mode 100644 index 00000000..63189b05 --- /dev/null +++ b/build-tools/automation/ApiScanExclusionList.in.xml @@ -0,0 +1,13 @@ + + + + + + + + + + + + + From d2a826bb73faf961c003e70ced5b9ac33021d69c Mon Sep 17 00:00:00 2001 From: Peter Collins Date: Wed, 7 Feb 2024 18:01:20 -0800 Subject: [PATCH 12/24] Fix copy --- azure-pipelines.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/azure-pipelines.yml b/azure-pipelines.yml index 26090ae9..1dd5f643 100644 --- a/azure-pipelines.yml +++ b/azure-pipelines.yml @@ -314,7 +314,7 @@ stages: displayName: Collect Files for APIScan inputs: Contents: | - $(Build.SourcesDirectory))\nuget + $(Build.SourcesDirectory))\nuget\**\?(*.dll|*.exe|*.pdb) !$(Build.SourcesDirectory)\**\runtimes\win-arm64\native\libzipsharpnative*.dll TargetFolder: $(Build.StagingDirectory)\apiscan From 61f7670ac5b530855e3d08141ae3fbb50e1d7ce4 Mon Sep 17 00:00:00 2001 From: Peter Collins Date: Wed, 7 Feb 2024 18:29:41 -0800 Subject: [PATCH 13/24] Fix extract destination --- azure-pipelines.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/azure-pipelines.yml b/azure-pipelines.yml index 1dd5f643..85f1c472 100644 --- a/azure-pipelines.yml +++ b/azure-pipelines.yml @@ -308,13 +308,13 @@ stages: displayName: Extract nuget inputs: archiveFilePatterns: $(Build.StagingDirectory)\**\*.nupkg - destinationFolder: $(Build.SourcesDirectory))\nuget + destinationFolder: $(Build.SourcesDirectory)\nuget - task: CopyFiles@2 displayName: Collect Files for APIScan inputs: Contents: | - $(Build.SourcesDirectory))\nuget\**\?(*.dll|*.exe|*.pdb) + $(Build.SourcesDirectory)\nuget\**\?(*.dll|*.exe|*.pdb) !$(Build.SourcesDirectory)\**\runtimes\win-arm64\native\libzipsharpnative*.dll TargetFolder: $(Build.StagingDirectory)\apiscan From ad979dd4d74e30ed44e9178f85a61263d218badb Mon Sep 17 00:00:00 2001 From: Peter Collins Date: Thu, 8 Feb 2024 11:44:52 -0800 Subject: [PATCH 14/24] Try wildcard exclusion --- build-tools/automation/ApiScanExclusionList.in.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/build-tools/automation/ApiScanExclusionList.in.xml b/build-tools/automation/ApiScanExclusionList.in.xml index 63189b05..a5073f1a 100644 --- a/build-tools/automation/ApiScanExclusionList.in.xml +++ b/build-tools/automation/ApiScanExclusionList.in.xml @@ -4,7 +4,7 @@ - + From 4eb106e8b6d239a5690ce9476bcd75db65d77e4e Mon Sep 17 00:00:00 2001 From: Peter Collins Date: Thu, 8 Feb 2024 14:05:01 -0800 Subject: [PATCH 15/24] Revert exclusion changes again, preferred method is waiting for SEL update --- .gitignore | 3 +-- LibZipSharp/libZipSharp.targets | 12 ------------ azure-pipelines.yml | 11 ----------- build-tools/automation/ApiScanExclusionList.in.xml | 13 ------------- 4 files changed, 1 insertion(+), 38 deletions(-) delete mode 100644 build-tools/automation/ApiScanExclusionList.in.xml diff --git a/.gitignore b/.gitignore index e41214b0..c7442b9d 100644 --- a/.gitignore +++ b/.gitignore @@ -51,5 +51,4 @@ build/* TestResult.xml artifacts lzsbuild -.ccls-cache -ApiScanExclusionList.gen.xml +.ccls-cache \ No newline at end of file diff --git a/LibZipSharp/libZipSharp.targets b/LibZipSharp/libZipSharp.targets index 558d2619..b3983aa2 100644 --- a/LibZipSharp/libZipSharp.targets +++ b/LibZipSharp/libZipSharp.targets @@ -54,16 +54,4 @@ DestinationFile="$(ConstantsOutFile)" Replacements="@(Replacement)" /> - - - - <_ExclusionReplacement Include="@LibraryBaseFileName@=$(_NativeLibraryBaseName)" /> - <_ExclusionReplacement Include="@AssemblyVersion@=$(_LibZipSharpAssemblyVersion)" /> - - - - diff --git a/azure-pipelines.yml b/azure-pipelines.yml index 85f1c472..8633337a 100644 --- a/azure-pipelines.yml +++ b/azure-pipelines.yml @@ -321,12 +321,6 @@ stages: - powershell: Get-ChildItem -Path "$(Build.StagingDirectory)\apiscan" -Recurse displayName: List Files for APIScan - - task: DotNetCoreCLI@2 - displayName: Generate exclusion list and set ApiScanVersion - inputs: - projects: LibZipSharp/libZipSharp.csproj - arguments: -v:n -t:GenerateApiScanExclusions - - task: APIScan@2 displayName: Run APIScan inputs: @@ -334,13 +328,8 @@ stages: symbolsFolder: 'SRV*http://symweb;$(Build.StagingDirectory)\apiscan' softwareName: $(ApiScanName) softwareVersionNum: $(ApiScanVersion) - exclusionList: $(Build.SourcesDirectory)/build-tools/automation/ApiScanExclusionList.gen.xml isLargeApp: true toolVersion: Latest - modeType: prerelease - preserveTempFiles: true - preserveLogsFolder: true - verbosityLevel: verbose env: AzureServicesAuthConnectionString: runAs=App;AppId=$(ApiScanClientId);TenantId=$(ApiScanTenant);AppKey=$(ApiScanSecret) diff --git a/build-tools/automation/ApiScanExclusionList.in.xml b/build-tools/automation/ApiScanExclusionList.in.xml deleted file mode 100644 index a5073f1a..00000000 --- a/build-tools/automation/ApiScanExclusionList.in.xml +++ /dev/null @@ -1,13 +0,0 @@ - - - - - - - - - - - - - From 2bc1548a651696a1a0e8ccb7131cd60dc7112852 Mon Sep 17 00:00:00 2001 From: Peter Collins Date: Thu, 8 Feb 2024 14:06:10 -0800 Subject: [PATCH 16/24] Format --- .gitignore | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.gitignore b/.gitignore index c7442b9d..34d0c3f0 100644 --- a/.gitignore +++ b/.gitignore @@ -51,4 +51,4 @@ build/* TestResult.xml artifacts lzsbuild -.ccls-cache \ No newline at end of file +.ccls-cache From 04cf3f169e253c55aacfad84b06a5327b2917e4f Mon Sep 17 00:00:00 2001 From: Peter Collins Date: Mon, 12 Feb 2024 14:59:33 -0800 Subject: [PATCH 17/24] Update version --- .gitignore | 1 + azure-pipelines.yml | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/.gitignore b/.gitignore index 34d0c3f0..2372dfb9 100644 --- a/.gitignore +++ b/.gitignore @@ -52,3 +52,4 @@ TestResult.xml artifacts lzsbuild .ccls-cache + diff --git a/azure-pipelines.yml b/azure-pipelines.yml index 8633337a..40797274 100644 --- a/azure-pipelines.yml +++ b/azure-pipelines.yml @@ -327,7 +327,7 @@ stages: softwareFolder: $(Build.StagingDirectory)\apiscan symbolsFolder: 'SRV*http://symweb;$(Build.StagingDirectory)\apiscan' softwareName: $(ApiScanName) - softwareVersionNum: $(ApiScanVersion) + softwareVersionNum: $(Build.SourceBranchName)-$(Build.SourceVersion) isLargeApp: true toolVersion: Latest env: From aae0c83506a02e94be6f081f60c7f65f1949f0ad Mon Sep 17 00:00:00 2001 From: Peter Collins Date: Fri, 23 Feb 2024 10:46:28 -0800 Subject: [PATCH 18/24] Clean up --- .gitignore | 2 +- CMakeLists.txt | 1 - 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/.gitignore b/.gitignore index 2372dfb9..b8c73823 100644 --- a/.gitignore +++ b/.gitignore @@ -52,4 +52,4 @@ TestResult.xml artifacts lzsbuild .ccls-cache - + \ No newline at end of file diff --git a/CMakeLists.txt b/CMakeLists.txt index aa37fdfb..c38d1ba8 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -590,7 +590,6 @@ else() target_link_options( ${PROJECT_NAME} PRIVATE - /PROFILE /wholearchive:$ ) endif() From 373fa9b6d67f572e5a393af5c1b63095874c8d05 Mon Sep 17 00:00:00 2001 From: Peter Collins Date: Mon, 26 Feb 2024 13:40:09 -0800 Subject: [PATCH 19/24] Try to use VS API scan parameters --- azure-pipelines.yml | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/azure-pipelines.yml b/azure-pipelines.yml index e6a4eedb..72d08402 100644 --- a/azure-pipelines.yml +++ b/azure-pipelines.yml @@ -28,6 +28,10 @@ parameters: variables: - group: Xamarin-Secrets +- name : ApiScanSoftwareName + value: VS +- name : ApiScanSoftwareVersion + value: 17 - name: DisablePipelineConfigDetector value: true - name: WindowsPoolImage1ESPT @@ -401,18 +405,18 @@ extends: Contents: | $(Build.SourcesDirectory)\nuget\**\?(*.dll|*.exe|*.pdb) !$(Build.SourcesDirectory)\**\runtimes\win-arm64\native\libzipsharpnative*.dll - TargetFolder: $(Build.StagingDirectory)\apiscan + TargetFolder: $(Agent.TempDirectory) - - powershell: Get-ChildItem -Path "$(Build.StagingDirectory)\apiscan" -Recurse + - powershell: Get-ChildItem -Path "$(Agent.TempDirectory)" -Recurse displayName: List Files for APIScan - task: APIScan@2 displayName: Run APIScan inputs: - softwareFolder: $(Build.StagingDirectory)\apiscan + softwareFolder: $(Agent.TempDirectory) symbolsFolder: 'SRV*http://symweb;$(Build.StagingDirectory)\apiscan' - softwareName: $(ApiScanName) - softwareVersionNum: $(Build.SourceBranchName)-$(Build.SourceVersion) + softwareName: $(ApiScanSoftwareName) + softwareVersionNum: $(ApiScanSoftwareVersion) toolVersion: Latest env: AzureServicesAuthConnectionString: runAs=App;AppId=$(ApiScanClientId);TenantId=$(ApiScanTenant);AppKey=$(ApiScanSecret) From 689d1a491c36a011cde2b2d6658ced07fab5632f Mon Sep 17 00:00:00 2001 From: Peter Collins Date: Mon, 26 Feb 2024 13:40:39 -0800 Subject: [PATCH 20/24] Format --- azure-pipelines.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/azure-pipelines.yml b/azure-pipelines.yml index 72d08402..7b757607 100644 --- a/azure-pipelines.yml +++ b/azure-pipelines.yml @@ -28,9 +28,9 @@ parameters: variables: - group: Xamarin-Secrets -- name : ApiScanSoftwareName +- name: ApiScanSoftwareName value: VS -- name : ApiScanSoftwareVersion +- name: ApiScanSoftwareVersion value: 17 - name: DisablePipelineConfigDetector value: true From 42afb37422024042850831784a0f49e60156a4cc Mon Sep 17 00:00:00 2001 From: Peter Collins Date: Mon, 26 Feb 2024 13:45:05 -0800 Subject: [PATCH 21/24] Fix scan nuget download --- azure-pipelines.yml | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/azure-pipelines.yml b/azure-pipelines.yml index 7b757607..b4f0dee5 100644 --- a/azure-pipelines.yml +++ b/azure-pipelines.yml @@ -387,12 +387,13 @@ extends: workspace: clean: all steps: - - task: DownloadBuildArtifacts@0 - displayName: download artifacts + - task: DownloadPipelineArtifact@2 + displayName: download nuget artifact inputs: - artifactName: NuGet + artifactName: nuget downloadPath: $(Build.StagingDirectory) - + itemPattern: '*.nupkg' + - task: ExtractFiles@1 displayName: Extract nuget inputs: From 41e08b0c265e77d216ab69491dd37039f5476821 Mon Sep 17 00:00:00 2001 From: Peter Collins Date: Mon, 26 Feb 2024 14:38:03 -0800 Subject: [PATCH 22/24] Fix symbol path --- azure-pipelines.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/azure-pipelines.yml b/azure-pipelines.yml index b4f0dee5..43e29b2c 100644 --- a/azure-pipelines.yml +++ b/azure-pipelines.yml @@ -415,7 +415,7 @@ extends: displayName: Run APIScan inputs: softwareFolder: $(Agent.TempDirectory) - symbolsFolder: 'SRV*http://symweb;$(Build.StagingDirectory)\apiscan' + symbolsFolder: 'SRV*http://symweb;$(Agent.TempDirectory)' softwareName: $(ApiScanSoftwareName) softwareVersionNum: $(ApiScanSoftwareVersion) toolVersion: Latest From 1869e78e016f0b1f1d53c6a353fb9c165b0c41b5 Mon Sep 17 00:00:00 2001 From: Peter Collins Date: Tue, 27 Feb 2024 09:54:05 -0800 Subject: [PATCH 23/24] Update params --- azure-pipelines.yml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/azure-pipelines.yml b/azure-pipelines.yml index 43e29b2c..3741e824 100644 --- a/azure-pipelines.yml +++ b/azure-pipelines.yml @@ -31,7 +31,7 @@ variables: - name: ApiScanSoftwareName value: VS - name: ApiScanSoftwareVersion - value: 17 + value: 17.10 - name: DisablePipelineConfigDetector value: true - name: WindowsPoolImage1ESPT @@ -406,16 +406,16 @@ extends: Contents: | $(Build.SourcesDirectory)\nuget\**\?(*.dll|*.exe|*.pdb) !$(Build.SourcesDirectory)\**\runtimes\win-arm64\native\libzipsharpnative*.dll - TargetFolder: $(Agent.TempDirectory) + TargetFolder: $(Agent.TempDirectory)\T - - powershell: Get-ChildItem -Path "$(Agent.TempDirectory)" -Recurse + - powershell: Get-ChildItem -Path "$(Agent.TempDirectory)\T" -Recurse displayName: List Files for APIScan - task: APIScan@2 displayName: Run APIScan inputs: - softwareFolder: $(Agent.TempDirectory) - symbolsFolder: 'SRV*http://symweb;$(Agent.TempDirectory)' + softwareFolder: $(Agent.TempDirectory)\T + symbolsFolder: 'SRV*http://symweb;$(Agent.TempDirectory)\T' softwareName: $(ApiScanSoftwareName) softwareVersionNum: $(ApiScanSoftwareVersion) toolVersion: Latest From ed732542d841848e34cf7b90a61085287074f43a Mon Sep 17 00:00:00 2001 From: Peter Collins Date: Thu, 29 Feb 2024 12:53:15 -0800 Subject: [PATCH 24/24] Run API scan on new performance pool --- azure-pipelines.yml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/azure-pipelines.yml b/azure-pipelines.yml index 3741e824..37f50502 100644 --- a/azure-pipelines.yml +++ b/azure-pipelines.yml @@ -382,7 +382,10 @@ extends: jobs: - job: api_scan displayName: API Scan - pool: $(MicroBuildPoolName) + pool: + name: Maui-1ESPT + image: $(WindowsPoolImage1ESPT) + os: windows timeoutInMinutes: 360 workspace: clean: all