diff --git a/.github/workflows/build-vsix.yml b/.github/workflows/build-vsix.yml
index 04f3f60..052e258 100644
--- a/.github/workflows/build-vsix.yml
+++ b/.github/workflows/build-vsix.yml
@@ -13,7 +13,7 @@ jobs:
env:
# jfrog cli version can be changed here
- JFROG_CLI_VERSION: '2.67.0'
+ JFROG_CLI_VERSION: '2.71.3'
steps:
- name: Checkout code
@@ -48,6 +48,12 @@ jobs:
- name: Build VSIX Project
run: msbuild JFrogVSExtension.sln /p:Configuration=Release /p:Platform="Any CPU" /p:BuildInParallel=true /m
+ # Verify that the PDB file is not included in the .vsix file, this will expose unwanted debug information about the development env
+ - name: Check for PDB in VSIX
+ run: |
+ .\scripts\ValidatePDBFilesAbsenceInReleaseMode.ps1
+ shell: pwsh
+
# Upload vsix and unit test as artifacts for other workflows usage
- name: Upload vsix artifacts
uses: actions/upload-artifact@v3
diff --git a/JFrogVSExtension.sln b/JFrogVSExtension.sln
index 1054059..8ccce8f 100644
--- a/JFrogVSExtension.sln
+++ b/JFrogVSExtension.sln
@@ -15,8 +15,8 @@ Global
Release|x86 = Release|x86
EndGlobalSection
GlobalSection(ProjectConfigurationPlatforms) = postSolution
- {6443B797-2478-4A1D-BECA-28E24C1F1F41}.Debug|Any CPU.ActiveCfg = Release|Any CPU
- {6443B797-2478-4A1D-BECA-28E24C1F1F41}.Debug|Any CPU.Build.0 = Release|Any CPU
+ {6443B797-2478-4A1D-BECA-28E24C1F1F41}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+ {6443B797-2478-4A1D-BECA-28E24C1F1F41}.Debug|Any CPU.Build.0 = Debug|Any CPU
{6443B797-2478-4A1D-BECA-28E24C1F1F41}.Debug|x86.ActiveCfg = Debug|x86
{6443B797-2478-4A1D-BECA-28E24C1F1F41}.Debug|x86.Build.0 = Debug|x86
{6443B797-2478-4A1D-BECA-28E24C1F1F41}.Release|Any CPU.ActiveCfg = Release|Any CPU
diff --git a/JFrogVSExtension/JFrogVSExtension.csproj b/JFrogVSExtension/JFrogVSExtension.csproj
index a13c826..6c669c7 100644
--- a/JFrogVSExtension/JFrogVSExtension.csproj
+++ b/JFrogVSExtension/JFrogVSExtension.csproj
@@ -52,13 +52,16 @@
AnyCPU
- full
- false
+ pdbonly
+ true
bin\Release\
- DEBUG;TRACE
+
+
prompt
2
- true
+ false
+ false
+ false
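Review bot: `pdbonly` still makes the compiler write a .pdb into `bin\Release\`, so keeping symbols out of the shipped package rests on the packaging switches, not on the build itself. The element names are stripped on this page, so I am assuming the `full` → `pdbonly` line is `DebugType` and the three added `false` values are the VSIX debug-symbol flags. If the symbols are not archived anywhere, `<DebugType>none</DebugType>` would remove the file at the source. If they are kept for crash analysis, a short comment above the setting would stop a later edit from re-enabling inclusion, e.g. `<!-- PDB is built for internal symbol storage only; it must never be packed into the VSIX -->`. The enclosing property group starts and ends outside the hunk.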
diff --git a/JFrogVSExtension/source.extension.vsixmanifest b/JFrogVSExtension/source.extension.vsixmanifest
index 14bfdef..f5a6984 100644
--- a/JFrogVSExtension/source.extension.vsixmanifest
+++ b/JFrogVSExtension/source.extension.vsixmanifest
@@ -1,25 +1,25 @@
-
-
- JFrog V2
- Visual Studio extension to integrate with JFrog Xray for scanning solution components.
- Resources\Icon.png
- Resources\PreviewImage.png
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+
+
+ JFrog V2
+ Visual Studio extension to integrate with JFrog Xray for scanning solution components.
+ Resources\Icon.png
+ Resources\PreviewImage.png
+
+
+
+
+
+
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/README.md b/README.md
index 85e1e13..c891eb1 100644
--- a/README.md
+++ b/README.md
@@ -1,49 +1,27 @@
-# JFrog Visual Studio Extension
+# JFrog Visual Studio Extension
+[](https://github.com/jfrog/frogbot#readme)
+
| Target | Status | Installs |
|:------------------------:|:-----------------------------------------------------------------------------------------------------------------------------------------------------------:|:---------------------------------------------------------------------------------------------------------------------------------------------------------------------------:|
-| Visual Studio 2022 | [](https://marketplace.visualstudio.com/items?itemName=JFrog.JFrogV2) |  |
-| Visual Studio 2017, 2019 | [](https://marketplace.visualstudio.com/items?itemName=JFrog.JFrog) |  |
-
-
-# Table of Contents
-
-- [About this Extension](#about-this-extension)
- - [Component Tree Icons](#component-tree-icons)
-- [Installing the Extension](#installing-the-extension)
-- [Building the Sources](#building-the-sources)
-- [Troublshooting Issues](#troublshooting-issues)
-- [Release Notes](#release-notes)
-- [Code Contributions](#code-contributions)
-
-## About this Extension
-JFrog Visual studio extension adds JFrog Xray scanning of NuGet project dependencies to your Visual Studio.
-To learn how to use the extension, please visit the [JFrog Visual Studio Extension User Guide](https://www.jfrog.com/confluence/display/XRAY/IDE+Integration#IDEIntegration-JFrogVisualStudioExtension).
-
-### Component Tree Icons
-The icon demonstrates the top severity issue of a selected component and its transitive dependencies. The following table describes the severities from lowest to highest:
-| Icon | Severity | Description |
-|:-----------------------------------:|:--------:|:---------------------------------------------------------------------------------------|
-|  | Normal | Scanned - No Issues |
-|  | Unknown | No CVEs attached to the vulnerability or the selected component not identified in Xray |
-|  | Low | Top issue with low severity |
-|  | Medium | Top issue with medium severity |
-|  | High | Top issue with high severity |
-|  | Critical | Top issue with critical severity
-
-## Installing the Extension
-1. Make sure nuget.exe exists under your PATH environment variable
-2. Open Visual Studio
-3. Open *Tools* --> *Extensions and Updates*
-
-
-
-4. Search for JFrog Visual Studio Extension
-5. Click on *Download*
-6. Once the installation is completed, re-open Visual Studio.
-
-## Release Notes
+| Visual Studio 2022 | [Visual Studio 2022](https://marketplace.visualstudio.com/items?itemName=JFrog.JFrogV2) |  |
+| Visual Studio 2017, 2019 | [Visual Studio 2017,2019](https://marketplace.visualstudio.com/items?itemName=JFrog.JFrog) |  |
+
+
+| Branch | Status |
+|:------:|:--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------:|
+| master | [](https://github.com/jfrog/jfrog-visual-studio-extension/actions/workflows/tests.yml?query=branch%master) |
+| dev | [](https://github.com/jfrog/jfrog-visual-studio-extension/actions/workflows/tests.yml?query=branch%3Adev) |
+
+## 🤖 About this Extension
+The JFrog Visual Studio Extension adds JFrog Xray scanning of NuGet project dependencies to your Visual Studio IDE. It allows developers to view panels displaying vulnerability information about the components and their dependencies directly in Visual Studio. With this information, a developer can make an informed decision on whether to use a component or not before it gets entrenched into the organization’s product. The extension filter allows you view the scanned results according to issues.
+To learn how to use the extension, please visit the [JFrog Visual Studio Extension User Guide](https://jfrog.com/help/r/jfrog-integrations-documentation/jfrog-visual-studio-extension).
+
+## 🥏 Release Notes
The release notes are available [here](https://github.com/jfrog/jfrog-visual-studio-extension/releases).
-## Code Contributions
-We welcome community contribution through pull requests.
+## 🔥 Reporting Issues
+Please help us improve by reporting issues you encounter [here](https://github.com/jfrog/jfrog-visual-studio-extension/issues).
+
+## 💻 Contributions
+We welcome community contribution through pull requests. To help us improve this project, please read our [Contribution](https://github.com/jfrog/jfrog-visual-studio-extension/blob/master/CONTRIBUTING.md) guide.
diff --git a/UnitTestJfrogVSExtension/PowerShellScriptTests.cs b/UnitTestJfrogVSExtension/PowerShellScriptTests.cs
index f8811e2..44060a0 100644
--- a/UnitTestJfrogVSExtension/PowerShellScriptTests.cs
+++ b/UnitTestJfrogVSExtension/PowerShellScriptTests.cs
@@ -15,7 +15,10 @@ public class PowerShellScriptTests
public static string rootDir = GetProjectRoot(AppDomain.CurrentDomain.BaseDirectory);
public static string updateVersionScriptPath = Path.Combine(rootDir, @"scripts\UpdateVsixVersion.ps1");
public static string downloadCliScriptPath = Path.Combine(rootDir, @"scripts\DownloadJfrogCli.ps1");
- public static string vsixManifestMockPath = Path.Combine(rootDir, @"scripts\vsixmanifestMock");
+ public static string validatePDBScriptPath = Path.Combine(rootDir, @"scripts\ValidatePDBFilesAbsenceInReleaseMode.ps1");
+ public static string vsixManifestMockPath = Path.Combine(rootDir, @"UnitTestJfrogVSExtension\Resources\vsixmanifestMock");
+ public static string vsixWithPDBFilePath = Path.Combine(rootDir, @"UnitTestJfrogVSExtension\Resources\includePdbFile.vsix");
+ public static string vsixWithoutPDBFilePath = Path.Combine(rootDir, @"UnitTestJfrogVSExtension\Resources\excludePdbFile.vsix");
[TestMethod]
public void Test_UpdateVsixVersion_ValidVersion()
@@ -60,6 +63,32 @@ public void Test_DownloadJfrogCli()
Assert.AreEqual(0, exitCode);
}
+ [TestMethod]
+ public void Test_VsixContainsPdbFile()
+ {
+ var envVars = new Dictionary
+ {
+ { "VSIX_PATH", vsixWithPDBFilePath },
+ };
+
+ // script should fail and return exit code 1
+ int exitCode = RunPowerShellScript(validatePDBScriptPath, envVars);
+ Assert.AreEqual(1, exitCode, "The PDB file should be found in the VSIX.");
+ }
+
+ [TestMethod]
+ public void Test_VsixDoesNotContainPdbFile()
+ {
+ var envVars = new Dictionary
+ {
+ { "VSIX_PATH", vsixWithoutPDBFilePath },
+ };
+
+ // script should succeed and return exit code 0
+ int exitCode = RunPowerShellScript(validatePDBScriptPath, envVars);
+ Assert.AreEqual(0, exitCode, "The PDB file should not be found in the VSIX.");
+ }
+
private static string GetProjectRoot(string currentDir)
{
while (Directory.GetFiles(currentDir, "*.sln").Length == 0)
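Review bot: `Test_VsixContainsPdbFile` cannot tell a detected PDB from a missing fixture, because the script exits with 1 both when it finds the PDB and when `VSIX_PATH` does not exist. If `includePdbFile.vsix` is moved or not copied, the test keeps passing without exercising the detection. Guard the fixture first with `Assert.IsTrue(File.Exists(vsixWithPDBFilePath), "fixture VSIX is missing");`, or give the script distinct exit codes for the two failures. A third test that points `VSIX_PATH` at a nonexistent file would pin the fail-closed path as well. `GetProjectRoot` at the end of the hunk continues outside it.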
diff --git a/UnitTestJfrogVSExtension/Resources/excludePdbFile.vsix b/UnitTestJfrogVSExtension/Resources/excludePdbFile.vsix
new file mode 100644
index 0000000..a093776
Binary files /dev/null and b/UnitTestJfrogVSExtension/Resources/excludePdbFile.vsix differ
diff --git a/UnitTestJfrogVSExtension/Resources/includePdbFile.vsix b/UnitTestJfrogVSExtension/Resources/includePdbFile.vsix
new file mode 100644
index 0000000..7805f63
Binary files /dev/null and b/UnitTestJfrogVSExtension/Resources/includePdbFile.vsix differ
diff --git a/scripts/vsixmanifestMock b/UnitTestJfrogVSExtension/Resources/vsixmanifestMock
similarity index 100%
rename from scripts/vsixmanifestMock
rename to UnitTestJfrogVSExtension/Resources/vsixmanifestMock
diff --git a/UnitTestJfrogVSExtension/UnitTestJfrogVSExtension.csproj b/UnitTestJfrogVSExtension/UnitTestJfrogVSExtension.csproj
index 45e6894..8a1049b 100644
--- a/UnitTestJfrogVSExtension/UnitTestJfrogVSExtension.csproj
+++ b/UnitTestJfrogVSExtension/UnitTestJfrogVSExtension.csproj
@@ -33,7 +33,8 @@
pdbonly
true
bin\Release\
- TRACE
+
+
prompt
4
diff --git a/scripts/ValidatePDBFilesAbsenceInReleaseMode.ps1 b/scripts/ValidatePDBFilesAbsenceInReleaseMode.ps1
new file mode 100644
index 0000000..79ffc53
--- /dev/null
+++ b/scripts/ValidatePDBFilesAbsenceInReleaseMode.ps1
@@ -0,0 +1,33 @@
+# if vsix file path was not defined - use the default location in release folder
+if (-not $env:VSIX_PATH) {
+ $env:VSIX_PATH=Join-Path "$(pwd)" "JfrogVSExtension\bin\Release\JfrogVSExtension.vsix"
+}
+
+$pdbExists = $false
+$fileName = ""
+
+# Validate that the necessary assembly for unzipping the .vsix file exists
+Add-Type -AssemblyName System.IO.Compression.FileSystem
+
+# Check if the .vsix file contains the PDB file
+if (Test-Path $env:VSIX_PATH) {
+ $zipContent = [System.IO.Compression.ZipFile]::OpenRead($env:VSIX_PATH)
+ foreach ($entry in $zipContent.Entries) {
+ if ($entry.FullName -like "*JfrogVSExtension.pdb") {
+ $pdbExists = $true
+ $fileName = $entry.FullName
+ break
+ }
+ }
+ $zipContent.Dispose()
+} else {
+ Write-Error "VSIX file does not exist in the following path: $env:VSIX_PATH."
+ exit 1 # Fail the workflow if the .vsix file is not found
+}
+
+if ($pdbExists) {
+ Write-Error "PDB file exists in VSIX. file name = $fileName Please check your project settings."
+ exit 1 # Fail the workflow if the PDB file is found
+} else {
+ Write-Host "PDB file not found in VSIX. Release mode build is clean."
+}
\ No newline at end of file
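Review bot: The gate can report a clean build for an archive it never read. If `ZipFile]::OpenRead` throws on a corrupt or locked file, the default error preference lets the script continue, so `$pdbExists` stays `$false` and the script ends on the "Release mode build is clean" branch with exit code 0, unless the caller has set `$ErrorActionPreference` to `Stop`. Wrapping the read in `try`/`catch`/`finally` makes an unreadable archive fail the check and also releases the handle when the loop throws. Separately, the `-like "*JfrogVSExtension.pdb"` pattern lets any other symbol file through; `"*.pdb"` would match the stated intent more closely, provided the clean fixture contains no other PDBs.

```powershell
if (Test-Path $env:VSIX_PATH) {
    $zipContent = $null
    $readFailed = $false
    try {
        $zipContent = [System.IO.Compression.ZipFile]::OpenRead($env:VSIX_PATH)
        # … unchanged: foreach loop that sets $pdbExists and $fileName …
    } catch {
        # an unreadable archive must fail the gate, not fall through to the "clean" branch
        Write-Error "Could not read VSIX '$env:VSIX_PATH'. $_"
        $readFailed = $true
    } finally {
        if ($zipContent) { $zipContent.Dispose() }
    }
    if ($readFailed) { exit 1 }
# … unchanged: else branch for a missing file, final result report …
```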