diff --git a/eng/pipelines/aggregate-reports.yml b/eng/pipelines/aggregate-reports.yml
index 6ee613046eb7..aa84228ae386 100644
--- a/eng/pipelines/aggregate-reports.yml
+++ b/eng/pipelines/aggregate-reports.yml
@@ -168,6 +168,26 @@ stages:
 -WorkingDirectory '$(Build.ArtifactStagingDirectory)'
 -NupkgFilesDestination 'nupkgFiles'
+ - task: AzureCLI@2
+ displayName: Azure CLI Login
+ inputs:
+ azureSubscription: azure-sdk-apiscan
+ scriptType: pscore
+ scriptLocation: inlineScript
+ addSpnToEnvironment: true
+ inlineScript: |
+ az --version
+ az account show -o json
+ Write-Host "##vso[task.setvariable variable=ARM_CLIENT_ID;issecret=true]$($env:servicePrincipalId)"
+ Write-Host "##vso[task.setvariable variable=ARM_TENANT_ID;issecret=true]$($env:tenantId)"
+ Write-Host "##vso[task.setvariable variable=ARM_OIDC_TOKEN;issecret=true]$($env:idToken)"
+
+ - pwsh: |
+ # Need to re-login with the az login so that it presists and can be used in the APISca task
+ az login --service-principal -u $(ARM_CLIENT_ID) --tenant $(ARM_TENANT_ID) --allow-no-subscriptions --federated-token $(ARM_OIDC_TOKEN)
+ az account show -o json
+ displayName: Persist CLI Login for ApiScan usage
+
 - task: securedevelopmentteam.vss-secure-development-tools.build-task-apiscan.APIScan@2
 displayName: 'Run APIScan'
 inputs:
@@ -179,8 +199,14 @@ stages:
 preserveLogsFolder: true
 verbosityLevel: standard
 env:
- # azure-sdk-apiscan (81109e5f-0620-423c-a37a-c22fbf8973a7)
- AzureServicesAuthConnectionString: runAs=App;AppId=81109e5f-0620-423c-a37a-c22fbf8973a7;TenantId=72f988bf-86f1-41af-91ab-2d7cd011db47;AppKey=$(azure-sdk-apiscan-client-secret)
+ AzureServicesAuthConnectionString: RunAs=Developer;DeveloperTool=AzureCli
+
+ - pwsh: |
+ az account show -o json
+ az logout
+ az account clear
+ displayName: Logout of Azure CLI
+ condition: succeededOrFailed()
 - task: securedevelopmentteam.vss-secure-development-tools.build-task-postanalysis.PostAnalysis@2
 displayName: 'Post Analysis (ApiScan)'
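Review bot: The re-login step substitutes the secret variables into the script text with macro syntax (`--federated-token $(ARM_OIDC_TOKEN)`), so the OIDC token is written into the generated script body and parsed by PowerShell as unquoted text. Mapping the three values through the step's `env:` block and reading them as `$env:...` keeps them out of the script body, though the token is still handed to `az` as an argument. Separately, the federated token exposed by `addSpnToEnvironment` is presumably short-lived, so it is worth confirming that the cached CLI login outlasts a long APIScan run. The comment in that step also has two typos (`presists`, `APISca`).

```yaml
- pwsh: |
    # … unchanged: comment explaining the re-login …
    az login --service-principal -u $env:ARM_CLIENT_ID --tenant $env:ARM_TENANT_ID --allow-no-subscriptions --federated-token $env:ARM_OIDC_TOKEN
    # … unchanged: az account show …
  displayName: Persist CLI Login for ApiScan usage
  env:
    ARM_CLIENT_ID: $(ARM_CLIENT_ID)
    ARM_TENANT_ID: $(ARM_TENANT_ID)
    ARM_OIDC_TOKEN: $(ARM_OIDC_TOKEN)
```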
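Review bot: The logout step uses `condition: succeededOrFailed()`, which does not run when the job is canceled, so a canceled APIScan run would leave the service-principal login in the agent's Azure CLI cache. `condition: always()` covers cancellation as well. Because `RunAs=Developer;DeveloperTool=AzureCli` makes APIScan authenticate through that cached login, a short comment above the step such as `# Always clear the az login that APIScan authenticates with` would record why the cleanup matters. The APIScan task's `inputs:` begin before this hunk and the PostAnalysis task continues past it.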