diff --git a/azure-pipelines.yml b/azure-pipelines.yml
index 7d4f931..5aa5fb7 100644
--- a/azure-pipelines.yml
+++ b/azure-pipelines.yml
@@ -23,7 +23,7 @@ parameters:
- name: RUN_VERACODE_SCA
displayName: 'Execute Veracode SCA'
type: boolean
- default: false
+ default: true
- name: 'Build StackifyLib'
type: boolean
default: true
@@ -52,207 +52,214 @@ parameters:
variables:
- group: code-signing
-steps:
- - checkout: self
- clean: true
- lfs: true
- - task: AzureKeyVault@2
- displayName: 'Azure Key Vault: keyvault-build-resources'
- inputs:
- ConnectedServiceName: 514ed7d6-3846-4422-8013-af27483dd22c
- KeyVaultName: keyvault-build-resources
- RunAsPreJob: true
- - task: PowerShell@2
- displayName: 'Veracode SCA Scan'
- condition: and(succeeded(), eq('${{ parameters.RUN_VERACODE_SCA }}', 'true'))
- inputs:
- targetType: inline
- script: >
- $Env:SRCCLR_API_TOKEN="$(SRCCLR_API_TOKEN)"; Set-ExecutionPolicy AllSigned -Scope Process -Force; iex ((New-Object System.Net.WebClient).DownloadString('https://download.sourceclear.com/ci.ps1')); srcclr scan .\Src\StackifyLib;
- - ${{ if eq(parameters['Build StackifyLib Signed'], true) }}:
- - task: DownloadSecureFile@1
- name: SNK
- displayName: Download Strong Name Key
- inputs:
- secureFile: 9d810a2d-d090-431c-9012-df939a4b1afe
- - task: PowerShell@2
- displayName: Move Signing Key To Project Directory
- inputs:
- targetType: inline
- filePath: Src/StackifyLib
- script: |
- # Write your PowerShell commands here.
- ls
- Move-Item $(SNK.secureFilePath) Src/StackifyLib/Netreo.snk
- - task: PowerShell@2
- displayName: Update csproj for .snk
- inputs:
- targetType: inline
- script: >
- (Get-Content -path Src\StackifyLib\StackifyLib.csproj -Raw) -replace 'StackifyLib','StackifyLib.signed' | Set-Content -Path Src\StackifyLib\StackifyLib.csproj -Encoding utf8
- # note: the signing attribute here is commented out so we can build locally
- - powershell: |
- $filename = Get-ChildItem ".\src\*\AssemblyInfo.cs" -Recurse
- $filename | %{
- (gc $_) -replace ([regex]::Escape("//[assembly: AssemblyKeyFile")), "[assembly: AssemblyKeyFile" | Set-Content $_.FullName -Encoding utf8
- }
- displayName: Uncoment signing attribute
- - task: DotNetCoreCLI@2
- displayName: dotnet restore
- inputs:
- command: restore
- projects: |
- Src\StackifyLib\*.csproj
- Src\StackifyLib.AspNetCore\*.csproj
- Src\StackifyLib.CoreLogger\*.csproj
- Src\StackifyLib.log4net\*.csproj
- Src\Nlog.Targets.Stackify\*.csproj
- Src\NLog.Web.Stackify\*.csproj
- Src\StackifyLib.StackifyTraceListener\*.csproj
- - ${{ if eq(parameters['Build StackifyLib'], true) }}:
- - task: DotNetCoreCLI@2
- displayName: dotnet build
- inputs:
- projects: |
- Src\StackifyLib\*.csproj
- arguments: '-c $(BuildConfiguration)'
- - task: DotNetCoreCLI@2
- displayName: dotnet pack signed stackify lib
- inputs:
- command: pack
- searchPatternPack: Src\StackifyLib\*.csproj;
- nobuild: true
- - ${{ if eq(parameters['Build StackifyLib Signed'], true) }}:
- - task: DotNetCoreCLI@2
- displayName: Install NuGetKeyVaultSignTool
- continueOnError: true
- inputs:
- command: 'custom'
- custom: 'tool'
- arguments: 'install --global NuGetKeyVaultSignTool'
- - task: CmdLine@2
- displayName: 'Sign nuget package'
- inputs:
- script: NuGetKeyVaultSignTool sign $(Build.ArtifactStagingDirectory)\StackifyLib.signed.*.nupkg -kvu "$(SigningVaultURL)" -kvi "$(SigningAppClientId)" -kvt "$(SigningAppTenantId)" -kvs "$(SigningClientSecret)" -kvc "$(SigningCertName)" -tr http://timestamp.digicert.com
- workingDirectory: $(Build.SourcesDirectory)
- - task: PowerShell@2
- displayName: Rename signed assemblies
- enabled: False
- inputs:
- targetType: inline
- script: "$files = @(Get-ChildItem -Path . -File -Filter *.nupkg)\n\nforeach($file in $files) {\n $BaseFilename = $file.BaseName\n $BaseFilenameSplit = $file.BaseName.Split(\".\")\n $LastVersionDigit = \"\"\n $NewFilenameBase = \"\"\n $PackageVersion = \"\"\n $IsBeta = \"False\"\n if ($BaseFilename.contains(\"beta\")) {\n $IsBeta = \"True\"\n $LastVersionDigit = $file.BaseName.Substring($BaseFilename.length - 6,1)\n }\n else {\n $LastVersionDigit = $file.BaseName.Substring($BaseFilename.length - 1)\n }\n foreach($namePart in $BaseFilenameSplit) {\n if (!$namePart.contains(\"beta\") -and $namePart -notmatch \"^\\d+$\") {\n $NewFilenameBase = $NewFilenameBase + $namePart + \".\"\n } else {\n # check for beta\n if ($namePart.contains(\"beta\")) {\n $PackageVersion = $PackageVersion + $namePart.Substring(0,1)\n } else {\n $PackageVersion = $PackageVersion + $namePart\n }\n # check length to append a .\n if ($namePart -notmatch $LastVersionDigit) {\n $PackageVersion = $PackageVersion + \".\"\n }\n }\n }\n \n # check beta\n $FinalFilenameBase = \"\"\n if ($IsBeta -match \"True\") {\n $FinalFilenameBase = $NewFilenameBase + \"snk.\" + $PackageVersion + \"-beta\"\n } else {\n $FinalFilenameBase = $NewFilenameBase + \"snk.\" + $PackageVersion\n }\n $FinalFilename = $FinalFilenameBase + $file.Extension\n Rename-Item -Path $file -NewName $FinalFilename\n}"
- workingDirectory: $(Build.ArtifactStagingDirectory)
- - task: PublishPipelineArtifact@1
- displayName: Publish Signed Artifact
- inputs:
- path: $(Build.ArtifactStagingDirectory)
- artifactName: Signed NuGet Packages
- - task: PowerShell@2
- displayName: Delete signed assemblies
- enabled: true
- inputs:
- targetType: inline
- script: >
- Remove-Item *.signed*.nupkg
- workingDirectory: $(Build.ArtifactStagingDirectory)
- - task: PowerShell@2
- displayName: Remove Sign Code
- enabled: false
- inputs:
- targetType: filePath
- arguments: ''
- filePath: Scripts/RemoveSignCode.ps1
- workingDirectory: $(Build.SourcesDirectory)
- - task: PowerShell@2
- displayName: Remove Sign Code Inline
- inputs:
- targetType: 'inline'
- script: |
- function Remove-SignCode {
- param (
- $ASMFile
- )
- Set-Content -Path $ASMFile -Value (Get-Content -Path $ASMFile | Select-String -Pattern AssemblyKeyFileAttribute -NotMatch )
- }
-
- $files = @(Get-ChildItem -Path . -Directory -Filter Stackify*)
-
- foreach ($file in $files) {
- $asmInfo = Get-ChildItem -Path $file/Properties/AssemblyInfo.cs
- Remove-SignCode -ASMFile $asmInfo
- }
- - task: PowerShell@2
- displayName: Update csproj for no .snk
- inputs:
- targetType: inline
- script: >
- (Get-Content -path Src\StackifyLib\StackifyLib.csproj -Raw) -replace 'StackifyLib.signed','StackifyLib' | Set-Content -Path Src\StackifyLib\StackifyLib.csproj
- - ${{ if eq(parameters['Build StackifyLib.AspNetCore'], true) }}:
- - template: templates/build-and-pack.yml
- parameters:
- BuildConfiguration: '$(BuildConfiguration)'
- ProjectJobName: 'StackifyLib_AspNetCore'
- ProjectName: 'StackifyLib.AspNetCore'
- ProjectLocation: 'Src\StackifyLib.AspNetCore\*.csproj'
- - ${{ if eq(parameters['Build StackifyLib.CoreLogger'], true) }}:
- - template: templates/build-and-pack.yml
- parameters:
- BuildConfiguration: '$(BuildConfiguration)'
- ProjectJobName: 'StackifyLib_CoreLogger'
- ProjectName: 'StackifyLib.CoreLogger'
- ProjectLocation: 'Src\StackifyLib.CoreLogger\*.csproj'
- - ${{ if eq(parameters['Build StackifyLib.log4net'], true) }}:
- - template: templates/build-and-pack.yml
- parameters:
- BuildConfiguration: '$(BuildConfiguration)'
- ProjectName: 'StackifyLib.log4net'
- ProjectJobName: 'StackifyLib_log4net'
- ProjectLocation: 'Src\StackifyLib.log4net\*.csproj'
- - ${{ if eq(parameters['Build NLog.Targets.Stackify'], true) }}:
- - template: templates/build-and-pack.yml
- parameters:
- BuildConfiguration: '$(BuildConfiguration)'
- ProjectName: 'NLog.Targets.Stackify'
- ProjectJobName: 'NLog_Targets_Stackify'
- ProjectLocation: 'Src\NLog.Targets.Stackify\*.csproj'
- - ${{ if eq(parameters['Build NLog.Web.Stackify'], true) }}:
- - template: templates/build-and-pack.yml
- parameters:
- BuildConfiguration: '$(BuildConfiguration)'
- ProjectName: 'NLog.Web.Stackify'
- ProjectJobName: 'NLog_Web_Stackify'
- ProjectLocation: 'Src\NLog.Web.Stackify\*.csproj'
- - ${{ if eq(parameters['Build StackifyLib.StackifyTraceListener'], true) }}:
- - template: templates/build-and-pack.yml
- parameters:
- BuildConfiguration: '$(BuildConfiguration)'
- ProjectName: 'StackifyLib.StackifyTraceListener'
- ProjectJobName: 'StackifyLib_StackifyTraceListener'
- ProjectLocation: 'Src\StackifyLib.StackifyTraceListener\*.csproj'
- - task: PublishPipelineArtifact@1
- displayName: Publish Pipeline Artifact [Unsigned]
- inputs:
- path: $(Build.ArtifactStagingDirectory)
- artifactName: Unsigned NuGet Packages
- - ${{ if eq(parameters['Build StackifyLib'], true) }}:
- - task: PowerShell@2
- displayName: PowerShell Script
+stages:
+ - stage: FirstStage
+ jobs:
+ - job: Build
+ steps:
+ - checkout: self
+ clean: true
+ lfs: true
+ - task: AzureKeyVault@2
+ displayName: 'Azure Key Vault: keyvault-build-resources'
+ inputs:
+ ConnectedServiceName: 514ed7d6-3846-4422-8013-af27483dd22c
+ KeyVaultName: keyvault-build-resources
+ RunAsPreJob: true
+ - ${{ if eq(parameters['Build StackifyLib Signed'], true) }}:
+ - task: DownloadSecureFile@1
+ name: SNK
+ displayName: Download Strong Name Key
+ inputs:
+ secureFile: 9d810a2d-d090-431c-9012-df939a4b1afe
+ - task: PowerShell@2
+ displayName: Move Signing Key To Project Directory
+ inputs:
+ targetType: inline
+ filePath: Src/StackifyLib
+ script: |
+ # Write your PowerShell commands here.
+ ls
+ Move-Item $(SNK.secureFilePath) Src/StackifyLib/Netreo.snk
+ - task: PowerShell@2
+ displayName: Update csproj for .snk
+ inputs:
+ targetType: inline
+ script: >
+ (Get-Content -path Src\StackifyLib\StackifyLib.csproj -Raw) -replace 'StackifyLib','StackifyLib.signed' | Set-Content -Path Src\StackifyLib\StackifyLib.csproj -Encoding utf8
+ # note: the signing attribute here is commented out so we can build locally
+ - powershell: |
+ $filename = Get-ChildItem ".\src\*\AssemblyInfo.cs" -Recurse
+ $filename | %{
+ (gc $_) -replace ([regex]::Escape("//[assembly: AssemblyKeyFile")), "[assembly: AssemblyKeyFile" | Set-Content $_.FullName -Encoding utf8
+ }
+ displayName: Uncoment signing attribute
+ - task: DotNetCoreCLI@2
+ displayName: dotnet restore
+ inputs:
+ command: restore
+ projects: |
+ Src\StackifyLib\*.csproj
+ Src\StackifyLib.AspNetCore\*.csproj
+ Src\StackifyLib.CoreLogger\*.csproj
+ Src\StackifyLib.log4net\*.csproj
+ Src\Nlog.Targets.Stackify\*.csproj
+ Src\NLog.Web.Stackify\*.csproj
+ Src\StackifyLib.StackifyTraceListener\*.csproj
+ - ${{ if eq(parameters['Build StackifyLib'], true) }}:
+ - task: DotNetCoreCLI@2
+ displayName: dotnet build
+ inputs:
+ projects: |
+ Src\StackifyLib\*.csproj
+ arguments: '-c $(BuildConfiguration)'
+ - task: DotNetCoreCLI@2
+ displayName: dotnet pack signed stackify lib
+ inputs:
+ command: pack
+ searchPatternPack: Src\StackifyLib\*.csproj;
+ nobuild: true
+ - ${{ if eq(parameters['Build StackifyLib Signed'], true) }}:
+ - task: DotNetCoreCLI@2
+ displayName: Install NuGetKeyVaultSignTool
+ continueOnError: true
+ inputs:
+ command: 'custom'
+ custom: 'tool'
+ arguments: 'install --global NuGetKeyVaultSignTool'
+ - task: CmdLine@2
+ displayName: 'Sign nuget package'
+ inputs:
+ script: NuGetKeyVaultSignTool sign $(Build.ArtifactStagingDirectory)\StackifyLib.signed.*.nupkg -kvu "$(SigningVaultURL)" -kvi "$(SigningAppClientId)" -kvt "$(SigningAppTenantId)" -kvs "$(SigningClientSecret)" -kvc "$(SigningCertName)" -tr http://timestamp.digicert.com
+ workingDirectory: $(Build.SourcesDirectory)
+ - task: PowerShell@2
+ displayName: Rename signed assemblies
+ enabled: False
+ inputs:
+ targetType: inline
+ script: "$files = @(Get-ChildItem -Path . -File -Filter *.nupkg)\n\nforeach($file in $files) {\n $BaseFilename = $file.BaseName\n $BaseFilenameSplit = $file.BaseName.Split(\".\")\n $LastVersionDigit = \"\"\n $NewFilenameBase = \"\"\n $PackageVersion = \"\"\n $IsBeta = \"False\"\n if ($BaseFilename.contains(\"beta\")) {\n $IsBeta = \"True\"\n $LastVersionDigit = $file.BaseName.Substring($BaseFilename.length - 6,1)\n }\n else {\n $LastVersionDigit = $file.BaseName.Substring($BaseFilename.length - 1)\n }\n foreach($namePart in $BaseFilenameSplit) {\n if (!$namePart.contains(\"beta\") -and $namePart -notmatch \"^\\d+$\") {\n $NewFilenameBase = $NewFilenameBase + $namePart + \".\"\n } else {\n # check for beta\n if ($namePart.contains(\"beta\")) {\n $PackageVersion = $PackageVersion + $namePart.Substring(0,1)\n } else {\n $PackageVersion = $PackageVersion + $namePart\n }\n # check length to append a .\n if ($namePart -notmatch $LastVersionDigit) {\n $PackageVersion = $PackageVersion + \".\"\n }\n }\n }\n \n # check beta\n $FinalFilenameBase = \"\"\n if ($IsBeta -match \"True\") {\n $FinalFilenameBase = $NewFilenameBase + \"snk.\" + $PackageVersion + \"-beta\"\n } else {\n $FinalFilenameBase = $NewFilenameBase + \"snk.\" + $PackageVersion\n }\n $FinalFilename = $FinalFilenameBase + $file.Extension\n Rename-Item -Path $file -NewName $FinalFilename\n}"
+ workingDirectory: $(Build.ArtifactStagingDirectory)
+ - task: PublishPipelineArtifact@1
+ displayName: Publish Signed Artifact
+ inputs:
+ path: $(Build.ArtifactStagingDirectory)
+ artifactName: Signed NuGet Packages
+ - task: PowerShell@2
+ displayName: Delete signed assemblies
+ enabled: true
+ inputs:
+ targetType: inline
+ script: >
+ Remove-Item *.signed*.nupkg
+ workingDirectory: $(Build.ArtifactStagingDirectory)
+ - task: PowerShell@2
+ displayName: Remove Sign Code
+ enabled: false
+ inputs:
+ targetType: filePath
+ arguments: ''
+ filePath: Scripts/RemoveSignCode.ps1
+ workingDirectory: $(Build.SourcesDirectory)
+ - task: PowerShell@2
+ displayName: Remove Sign Code Inline
+ inputs:
+ targetType: 'inline'
+ script: |
+ function Remove-SignCode {
+ param (
+ $ASMFile
+ )
+ Set-Content -Path $ASMFile -Value (Get-Content -Path $ASMFile | Select-String -Pattern AssemblyKeyFileAttribute -NotMatch )
+ }
+
+ $files = @(Get-ChildItem -Path . -Directory -Filter Stackify*)
+
+ foreach ($file in $files) {
+ $asmInfo = Get-ChildItem -Path $file/Properties/AssemblyInfo.cs
+ Remove-SignCode -ASMFile $asmInfo
+ }
+ - task: PowerShell@2
+ displayName: Update csproj for no .snk
+ inputs:
+ targetType: inline
+ script: >
+ (Get-Content -path Src\StackifyLib\StackifyLib.csproj -Raw) -replace 'StackifyLib.signed','StackifyLib' | Set-Content -Path Src\StackifyLib\StackifyLib.csproj
+ - ${{ if eq(parameters['Build StackifyLib.AspNetCore'], true) }}:
+ - template: templates/build-and-pack.yml
+ parameters:
+ BuildConfiguration: '$(BuildConfiguration)'
+ ProjectJobName: 'StackifyLib_AspNetCore'
+ ProjectName: 'StackifyLib.AspNetCore'
+ ProjectLocation: 'Src\StackifyLib.AspNetCore\*.csproj'
+ - ${{ if eq(parameters['Build StackifyLib.CoreLogger'], true) }}:
+ - template: templates/build-and-pack.yml
+ parameters:
+ BuildConfiguration: '$(BuildConfiguration)'
+ ProjectJobName: 'StackifyLib_CoreLogger'
+ ProjectName: 'StackifyLib.CoreLogger'
+ ProjectLocation: 'Src\StackifyLib.CoreLogger\*.csproj'
+ - ${{ if eq(parameters['Build StackifyLib.log4net'], true) }}:
+ - template: templates/build-and-pack.yml
+ parameters:
+ BuildConfiguration: '$(BuildConfiguration)'
+ ProjectName: 'StackifyLib.log4net'
+ ProjectJobName: 'StackifyLib_log4net'
+ ProjectLocation: 'Src\StackifyLib.log4net\*.csproj'
+ - ${{ if eq(parameters['Build NLog.Targets.Stackify'], true) }}:
+ - template: templates/build-and-pack.yml
+ parameters:
+ BuildConfiguration: '$(BuildConfiguration)'
+ ProjectName: 'NLog.Targets.Stackify'
+ ProjectJobName: 'NLog_Targets_Stackify'
+ ProjectLocation: 'Src\NLog.Targets.Stackify\*.csproj'
+ - ${{ if eq(parameters['Build NLog.Web.Stackify'], true) }}:
+ - template: templates/build-and-pack.yml
+ parameters:
+ BuildConfiguration: '$(BuildConfiguration)'
+ ProjectName: 'NLog.Web.Stackify'
+ ProjectJobName: 'NLog_Web_Stackify'
+ ProjectLocation: 'Src\NLog.Web.Stackify\*.csproj'
+ - ${{ if eq(parameters['Build StackifyLib.StackifyTraceListener'], true) }}:
+ - template: templates/build-and-pack.yml
+ parameters:
+ BuildConfiguration: '$(BuildConfiguration)'
+ ProjectName: 'StackifyLib.StackifyTraceListener'
+ ProjectJobName: 'StackifyLib_StackifyTraceListener'
+ ProjectLocation: 'Src\StackifyLib.StackifyTraceListener\*.csproj'
+ - task: PublishPipelineArtifact@1
+ displayName: Publish Pipeline Artifact [Unsigned]
inputs:
- targetType: inline
- script: |
- $xml = [Xml] (Get-Content .\Src\StackifyLib\StackifyLib.csproj)
- $version = $xml.Project.PropertyGroup.Version
- echo $version
- $version = "$version".Trim()
- echo "##vso[task.setvariable variable=version]$version"
- echo "StackifyLib."$version".nupkg"
- workingDirectory: $(Build.SourcesDirectory)
- - task: Veracode@3
- displayName: 'Upload and scan: $(Build.ArtifactStagingDirectory)/StackifyLib.$(version).nupkg'
- condition: and(succeeded(), eq('${{ parameters.RUN_VERACODE_SCAN }}', 'true'))
- enabled: True
+ path: $(Build.ArtifactStagingDirectory)
+ artifactName: Unsigned NuGet Packages
+ - ${{ if eq(parameters['Build StackifyLib'], true) }}:
+ - task: PowerShell@2
+ displayName: PowerShell Script
+ inputs:
+ targetType: inline
+ script: |
+ $xml = [Xml] (Get-Content .\Src\StackifyLib\StackifyLib.csproj)
+ $version = $xml.Project.PropertyGroup.Version
+ echo $version
+ $version = "$version".Trim()
+ echo "##vso[task.setvariable variable=version]$version"
+ echo "StackifyLib."$version".nupkg"
+ workingDirectory: $(Build.SourcesDirectory)
+ - task: Veracode@3
+ displayName: 'Upload and scan: $(Build.ArtifactStagingDirectory)/StackifyLib.$(version).nupkg'
+ condition: and(succeeded(), eq('${{ parameters.RUN_VERACODE_SCAN }}', 'true'))
+ enabled: True
+ inputs:
+ AnalysisService: 51003f89-58ab-463c-8e20-41484888d9c7
+ veracodeAppProfile: Retrace .Net StackifyLib
+ version: AZ-Devops-Build-$(build.buildNumber)
+ filepath: $(Build.ArtifactStagingDirectory)/StackifyLib.$(version).nupkg
+
+ - job: SCA
+ pool:
+ vmImage: 'windows-latest'
+ steps:
+ - task: PowerShell@2
inputs:
- AnalysisService: 51003f89-58ab-463c-8e20-41484888d9c7
- veracodeAppProfile: Retrace .Net StackifyLib
- version: AZ-Devops-Build-$(build.buildNumber)
- filepath: $(Build.ArtifactStagingDirectory)/StackifyLib.$(version).nupkg
+ targetType: 'inline'
+ script: $Env:SRCCLR_API_TOKEN="$(SRCCLR_API_TOKEN)"; Set-ExecutionPolicy AllSigned -Scope Process -Force; iex ((New-Object System.Net.WebClient).DownloadString('https://download.srcclr.com/ci.ps1')); srcclr scan --allow-dirty .;
+ condition: and(succeeded(), eq('${{ parameters.RUN_VERACODE_SCA }}', 'true'))
\ No newline at end of file