-
Notifications
You must be signed in to change notification settings - Fork 5.5k
/
Copy pathbuild-app-internal.yaml
86 lines (76 loc) · 3.06 KB
/
build-app-internal.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
# This template contains a job to build the app for a single architecture and run static analysis
# tools on the binaries.
# The app is built in a production configuration to be released to the Store and the Windows image.
# This job relies on Microsoft-internal resources to run.
parameters:
platform: ''
condition: ''
isPublicRelease: false
jobs:
- job: Build${{ parameters.platform }}
displayName: Build ${{ parameters.platform }}
condition: ${{ parameters.condition }}
pool:
vmImage: windows-2019
variables:
BuildConfiguration: Release
BuildPlatform: ${{ parameters.platform }}
steps:
- checkout: self
fetchDepth: 1
- task: UniversalPackages@0
displayName: Download internals package
inputs:
command: download
downloadDirectory: $(Build.SourcesDirectory)
vstsFeed: WindowsInboxApps
vstsFeedPackage: calculator-internals
${{ if eq(parameters.isPublicRelease, true) }}:
vstsPackageVersion: 0.0.66
${{ if eq(parameters.isPublicRelease, false) }}:
vstsPackageVersion: 0.0.65
- template: ./build-single-architecture.yaml
parameters:
extraMsBuildArgs: '/p:IsStoreBuild=true'
- task: PublishSymbols@2
displayName: Publish symbols
inputs:
symbolsFolder: $(Build.BinariesDirectory)\$(BuildConfiguration)\$(BuildPlatform)
searchPattern: '**/*.pdb'
symbolServerType: teamServices
treatNotIndexedAsWarning: true
symbolsArtifactName: $(System.teamProject)/$(Build.BuildNumber)_$(BuildPlatform)$(BuildConfiguration)
- task: CopyFiles@2
displayName: Copy Files for BinSkim analysis
inputs:
SourceFolder: '$(Build.BinariesDirectory)\$(BuildConfiguration)\$(BuildPlatform)\Calculator\'
# Setting up a folder to store all the binary files that we need BinSkim to scan.
# If we put more things than we produce pdbs for and can index (such as nuget packages that ship without pdbs), binskim will fail.
# Below are ignored files
# - clrcompression.dll
Contents: |
**\*
!**\clrcompression.dll
TargetFolder: '$(Agent.BuildDirectory)\binskim'
CleanTargetFolder: true
OverWrite: true
flattenFolders: false
analyzeTarget: '$(Agent.BuildDirectory)\binskim\*'
- task: securedevelopmentteam.vss-secure-development-tools.build-task-binskim.BinSkim@3
displayName: Run BinSkim
inputs:
inputType: Basic
analyzeTarget: '$(Agent.BuildDirectory)\binskim\*'
analyzeVerbose: true
analyzeHashes: true
continueOnError: true
- task: securedevelopmentteam.vss-secure-development-tools.build-task-policheck.PoliCheck@1
displayName: Run PoliCheck
inputs:
targetType: F
- task: securedevelopmentteam.vss-secure-development-tools.build-task-publishsecurityanalysislogs.PublishSecurityAnalysisLogs@2
displayName: Publish security analysis logs
- task: ms.vss-governance-buildtask.governance-build-task-component-detection.ComponentGovernanceComponentDetection@0
displayName: Detect open source components
inputs:
sourceScanPath: $(Agent.BuildDirectory)