[GA] Split official pipeline #36937
[GA] Split official pipeline #36937
Conversation
AndriySvyryd
force-pushed
the
SplitPipeline
branch
from
3f71767 to
258cb90
Compare
| baselineFile: $(Build.SourcesDirectory)\.config\guardian\.gdnbaselines | ||
| binskim: | ||
| scanOutputDirectoryOnly: true | ||
| analyzeTargetGlob: '+:f|artifacts/bin/**/Microsoft.EntityFrameworkCore*.dll;+:f|artifacts/bin/**/Microsoft.Data.Sqlite*.dll;+:f|artifacts/bin/**/ef.exe;+:f|artifacts/bin/**/dotnet-ef.exe;-:f|artifacts/bin/**/shims/**/*.exe;' |
There was a problem hiding this comment.
This works fine in the main job, but fails in Publish Assets:
##[warning]Could not parse glob pattern +:f|artifacts\bin\**\Microsoft.EntityFrameworkCore*.dll;+:f|artifacts\bin\**\Microsoft.Data.Sqlite*.dll;+:f|artifacts\bin\**\ef.exe;+:f|artifacts\bin\**\dotnet-ef.exe;-:f|artifacts\bin\**\shims\**\*.exe; for argument Target. The value will be passed to the tool without resolution.
@mmitche Any ideas?
There was a problem hiding this comment.
So the official build template will eventually be an asset-less build and not produce anything anymore. This means we shouldn't run binskim or other tools in there.
BinSkim, CG and others compliance tools are now run from the VMR which should give us sufficient coverage. If we still want to run them in this individual repository, then we would need to do that in that other internal pipeline.
There was a problem hiding this comment.
Ok, but we still need to do it for ef6 as that is not part of VMR and has the same issue
Also, do we even need to set enablePublishBuildAssets: true for efcore?
There was a problem hiding this comment.
Also, do we even need to set enablePublishBuildAssets: true for efcore?
Don't think so.
There was a problem hiding this comment.
We'll likely continue running compliance tools in this pipeline until GA to avoid disruptions
Enable assetless build
Fix BinSkim filter
Fixes #34814