From f244795ca7bfa17d44aa7e996dd251a8dd9f64d0 Mon Sep 17 00:00:00 2001
From: Todd Lair
Date: Mon, 5 Feb 2024 14:14:05 -0600
Subject: [PATCH 1/3] Updated the pipelines for develop branch
---
 azure-pipelines.yml | 371 ++++++++++++++++++++++----------------------
 1 file changed, 188 insertions(+), 183 deletions(-)
diff --git a/azure-pipelines.yml b/azure-pipelines.yml
index 7d4f931..cbb7178 100644
--- a/azure-pipelines.yml
+++ b/azure-pipelines.yml
@@ -52,189 +52,184 @@ parameters: variables: - group: code-signing -steps: - - checkout: self - clean: true - lfs: true - - task: AzureKeyVault@2 - displayName: 'Azure Key Vault: keyvault-build-resources' - inputs: - ConnectedServiceName: 514ed7d6-3846-4422-8013-af27483dd22c - KeyVaultName: keyvault-build-resources - RunAsPreJob: true - - task: PowerShell@2 - displayName: 'Veracode SCA Scan' - condition: and(succeeded(), eq('${{ parameters.RUN_VERACODE_SCA }}', 'true')) - inputs: - targetType: inline - script: > - $Env:SRCCLR_API_TOKEN="$(SRCCLR_API_TOKEN)"; Set-ExecutionPolicy AllSigned -Scope Process -Force; iex ((New-Object System.Net.WebClient).DownloadString('https://download.sourceclear.com/ci.ps1')); srcclr scan .\Src\StackifyLib; - - ${{ if eq(parameters['Build StackifyLib Signed'], true) }}: - - task: DownloadSecureFile@1 - name: SNK - displayName: Download Strong Name Key - inputs: - secureFile: 9d810a2d-d090-431c-9012-df939a4b1afe - - task: PowerShell@2 - displayName: Move Signing Key To Project Directory - inputs: - targetType: inline - filePath: Src/StackifyLib - script: | - # Write your PowerShell commands here. 
- ls - Move-Item $(SNK.secureFilePath) Src/StackifyLib/Netreo.snk - - task: PowerShell@2 - displayName: Update csproj for .snk - inputs: - targetType: inline - script: > - (Get-Content -path Src\StackifyLib\StackifyLib.csproj -Raw) -replace 'StackifyLib','StackifyLib.signed' | Set-Content -Path Src\StackifyLib\StackifyLib.csproj -Encoding utf8 - # note: the signing attribute here is commented out so we can build locally - - powershell: | - $filename = Get-ChildItem ".\src\*\AssemblyInfo.cs" -Recurse - $filename | %{ - (gc $_) -replace ([regex]::Escape("//[assembly: AssemblyKeyFile")), "[assembly: AssemblyKeyFile" | Set-Content $_.FullName -Encoding utf8 - } - displayName: Uncoment signing attribute - - task: DotNetCoreCLI@2 - displayName: dotnet restore - inputs: - command: restore - projects: | - Src\StackifyLib\*.csproj - Src\StackifyLib.AspNetCore\*.csproj - Src\StackifyLib.CoreLogger\*.csproj - Src\StackifyLib.log4net\*.csproj - Src\Nlog.Targets.Stackify\*.csproj - Src\NLog.Web.Stackify\*.csproj - Src\StackifyLib.StackifyTraceListener\*.csproj - - ${{ if eq(parameters['Build StackifyLib'], true) }}: - - task: DotNetCoreCLI@2 - displayName: dotnet build - inputs: - projects: | - Src\StackifyLib\*.csproj - arguments: '-c $(BuildConfiguration)' - - task: DotNetCoreCLI@2 - displayName: dotnet pack signed stackify lib - inputs: - command: pack - searchPatternPack: Src\StackifyLib\*.csproj; - nobuild: true - - ${{ if eq(parameters['Build StackifyLib Signed'], true) }}: - - task: DotNetCoreCLI@2 - displayName: Install NuGetKeyVaultSignTool - continueOnError: true - inputs: - command: 'custom' - custom: 'tool' - arguments: 'install --global NuGetKeyVaultSignTool' - - task: CmdLine@2 - displayName: 'Sign nuget package' - inputs: - script: NuGetKeyVaultSignTool sign $(Build.ArtifactStagingDirectory)\StackifyLib.signed.*.nupkg -kvu "$(SigningVaultURL)" -kvi "$(SigningAppClientId)" -kvt "$(SigningAppTenantId)" -kvs "$(SigningClientSecret)" -kvc "$(SigningCertName)" -tr 
http://timestamp.digicert.com - workingDirectory: $(Build.SourcesDirectory) - - task: PowerShell@2 - displayName: Rename signed assemblies - enabled: False - inputs: - targetType: inline - script: "$files = @(Get-ChildItem -Path . -File -Filter *.nupkg)\n\nforeach($file in $files) {\n $BaseFilename = $file.BaseName\n $BaseFilenameSplit = $file.BaseName.Split(\".\")\n $LastVersionDigit = \"\"\n $NewFilenameBase = \"\"\n $PackageVersion = \"\"\n $IsBeta = \"False\"\n if ($BaseFilename.contains(\"beta\")) {\n $IsBeta = \"True\"\n $LastVersionDigit = $file.BaseName.Substring($BaseFilename.length - 6,1)\n }\n else {\n $LastVersionDigit = $file.BaseName.Substring($BaseFilename.length - 1)\n }\n foreach($namePart in $BaseFilenameSplit) {\n if (!$namePart.contains(\"beta\") -and $namePart -notmatch \"^\\d+$\") {\n $NewFilenameBase = $NewFilenameBase + $namePart + \".\"\n } else {\n # check for beta\n if ($namePart.contains(\"beta\")) {\n $PackageVersion = $PackageVersion + $namePart.Substring(0,1)\n } else {\n $PackageVersion = $PackageVersion + $namePart\n }\n # check length to append a .\n if ($namePart -notmatch $LastVersionDigit) {\n $PackageVersion = $PackageVersion + \".\"\n }\n }\n }\n \n # check beta\n $FinalFilenameBase = \"\"\n if ($IsBeta -match \"True\") {\n $FinalFilenameBase = $NewFilenameBase + \"snk.\" + $PackageVersion + \"-beta\"\n } else {\n $FinalFilenameBase = $NewFilenameBase + \"snk.\" + $PackageVersion\n }\n $FinalFilename = $FinalFilenameBase + $file.Extension\n Rename-Item -Path $file -NewName $FinalFilename\n}" - workingDirectory: $(Build.ArtifactStagingDirectory) - - task: PublishPipelineArtifact@1 - displayName: Publish Signed Artifact - inputs: - path: $(Build.ArtifactStagingDirectory) - artifactName: Signed NuGet Packages - - task: PowerShell@2 - displayName: Delete signed assemblies - enabled: true - inputs: - targetType: inline - script: > - Remove-Item *.signed*.nupkg - workingDirectory: $(Build.ArtifactStagingDirectory) - - task: 
PowerShell@2 - displayName: Remove Sign Code - enabled: false - inputs: - targetType: filePath - arguments: '' - filePath: Scripts/RemoveSignCode.ps1 - workingDirectory: $(Build.SourcesDirectory) - - task: PowerShell@2 - displayName: Remove Sign Code Inline - inputs: - targetType: 'inline' - script: | - function Remove-SignCode { - param ( - $ASMFile - ) - Set-Content -Path $ASMFile -Value (Get-Content -Path $ASMFile | Select-String -Pattern AssemblyKeyFileAttribute -NotMatch ) - } - - $files = @(Get-ChildItem -Path . -Directory -Filter Stackify*) - - foreach ($file in $files) { - $asmInfo = Get-ChildItem -Path $file/Properties/AssemblyInfo.cs - Remove-SignCode -ASMFile $asmInfo - } - - task: PowerShell@2 - displayName: Update csproj for no .snk - inputs: - targetType: inline - script: > - (Get-Content -path Src\StackifyLib\StackifyLib.csproj -Raw) -replace 'StackifyLib.signed','StackifyLib' | Set-Content -Path Src\StackifyLib\StackifyLib.csproj - - ${{ if eq(parameters['Build StackifyLib.AspNetCore'], true) }}: - - template: templates/build-and-pack.yml - parameters: - BuildConfiguration: '$(BuildConfiguration)' - ProjectJobName: 'StackifyLib_AspNetCore' - ProjectName: 'StackifyLib.AspNetCore' - ProjectLocation: 'Src\StackifyLib.AspNetCore\*.csproj' - - ${{ if eq(parameters['Build StackifyLib.CoreLogger'], true) }}: - - template: templates/build-and-pack.yml - parameters: - BuildConfiguration: '$(BuildConfiguration)' - ProjectJobName: 'StackifyLib_CoreLogger' - ProjectName: 'StackifyLib.CoreLogger' - ProjectLocation: 'Src\StackifyLib.CoreLogger\*.csproj' - - ${{ if eq(parameters['Build StackifyLib.log4net'], true) }}: - - template: templates/build-and-pack.yml - parameters: - BuildConfiguration: '$(BuildConfiguration)' - ProjectName: 'StackifyLib.log4net' - ProjectJobName: 'StackifyLib_log4net' - ProjectLocation: 'Src\StackifyLib.log4net\*.csproj' - - ${{ if eq(parameters['Build NLog.Targets.Stackify'], true) }}: - - template: templates/build-and-pack.yml - 
parameters: - BuildConfiguration: '$(BuildConfiguration)' - ProjectName: 'NLog.Targets.Stackify' - ProjectJobName: 'NLog_Targets_Stackify' - ProjectLocation: 'Src\NLog.Targets.Stackify\*.csproj' - - ${{ if eq(parameters['Build NLog.Web.Stackify'], true) }}: - - template: templates/build-and-pack.yml - parameters: - BuildConfiguration: '$(BuildConfiguration)' - ProjectName: 'NLog.Web.Stackify' - ProjectJobName: 'NLog_Web_Stackify' - ProjectLocation: 'Src\NLog.Web.Stackify\*.csproj' - - ${{ if eq(parameters['Build StackifyLib.StackifyTraceListener'], true) }}: - - template: templates/build-and-pack.yml - parameters: - BuildConfiguration: '$(BuildConfiguration)' - ProjectName: 'StackifyLib.StackifyTraceListener' - ProjectJobName: 'StackifyLib_StackifyTraceListener' - ProjectLocation: 'Src\StackifyLib.StackifyTraceListener\*.csproj' - - task: PublishPipelineArtifact@1 - displayName: Publish Pipeline Artifact [Unsigned] - inputs: - path: $(Build.ArtifactStagingDirectory) - artifactName: Unsigned NuGet Packages - - ${{ if eq(parameters['Build StackifyLib'], true) }}: +stages: + - stage: FirstStage + jobs: + - checkout: self + clean: true + lfs: true + - task: AzureKeyVault@2 + displayName: 'Azure Key Vault: keyvault-build-resources' + inputs: + ConnectedServiceName: 514ed7d6-3846-4422-8013-af27483dd22c + KeyVaultName: keyvault-build-resources + RunAsPreJob: true + - ${{ if eq(parameters['Build StackifyLib Signed'], true) }}: + - task: DownloadSecureFile@1 + name: SNK + displayName: Download Strong Name Key + inputs: + secureFile: 9d810a2d-d090-431c-9012-df939a4b1afe + - task: PowerShell@2 + displayName: Move Signing Key To Project Directory + inputs: + targetType: inline + filePath: Src/StackifyLib + script: | + # Write your PowerShell commands here. 
+ ls + Move-Item $(SNK.secureFilePath) Src/StackifyLib/Netreo.snk + - task: PowerShell@2 + displayName: Update csproj for .snk + inputs: + targetType: inline + script: > + (Get-Content -path Src\StackifyLib\StackifyLib.csproj -Raw) -replace 'StackifyLib','StackifyLib.signed' | Set-Content -Path Src\StackifyLib\StackifyLib.csproj -Encoding utf8 + # note: the signing attribute here is commented out so we can build locally + - powershell: | + $filename = Get-ChildItem ".\src\*\AssemblyInfo.cs" -Recurse + $filename | %{ + (gc $_) -replace ([regex]::Escape("//[assembly: AssemblyKeyFile")), "[assembly: AssemblyKeyFile" | Set-Content $_.FullName -Encoding utf8 + } + displayName: Uncoment signing attribute + - task: DotNetCoreCLI@2 + displayName: dotnet restore + inputs: + command: restore + projects: | + Src\StackifyLib\*.csproj + Src\StackifyLib.AspNetCore\*.csproj + Src\StackifyLib.CoreLogger\*.csproj + Src\StackifyLib.log4net\*.csproj + Src\Nlog.Targets.Stackify\*.csproj + Src\NLog.Web.Stackify\*.csproj + Src\StackifyLib.StackifyTraceListener\*.csproj + - ${{ if eq(parameters['Build StackifyLib'], true) }}: + - task: DotNetCoreCLI@2 + displayName: dotnet build + inputs: + projects: | + Src\StackifyLib\*.csproj + arguments: '-c $(BuildConfiguration)' + - task: DotNetCoreCLI@2 + displayName: dotnet pack signed stackify lib + inputs: + command: pack + searchPatternPack: Src\StackifyLib\*.csproj; + nobuild: true + - ${{ if eq(parameters['Build StackifyLib Signed'], true) }}: + - task: DotNetCoreCLI@2 + displayName: Install NuGetKeyVaultSignTool + continueOnError: true + inputs: + command: 'custom' + custom: 'tool' + arguments: 'install --global NuGetKeyVaultSignTool' + - task: CmdLine@2 + displayName: 'Sign nuget package' + inputs: + script: NuGetKeyVaultSignTool sign $(Build.ArtifactStagingDirectory)\StackifyLib.signed.*.nupkg -kvu "$(SigningVaultURL)" -kvi "$(SigningAppClientId)" -kvt "$(SigningAppTenantId)" -kvs "$(SigningClientSecret)" -kvc "$(SigningCertName)" -tr 
http://timestamp.digicert.com + workingDirectory: $(Build.SourcesDirectory) + - task: PowerShell@2 + displayName: Rename signed assemblies + enabled: False + inputs: + targetType: inline + script: "$files = @(Get-ChildItem -Path . -File -Filter *.nupkg)\n\nforeach($file in $files) {\n $BaseFilename = $file.BaseName\n $BaseFilenameSplit = $file.BaseName.Split(\".\")\n $LastVersionDigit = \"\"\n $NewFilenameBase = \"\"\n $PackageVersion = \"\"\n $IsBeta = \"False\"\n if ($BaseFilename.contains(\"beta\")) {\n $IsBeta = \"True\"\n $LastVersionDigit = $file.BaseName.Substring($BaseFilename.length - 6,1)\n }\n else {\n $LastVersionDigit = $file.BaseName.Substring($BaseFilename.length - 1)\n }\n foreach($namePart in $BaseFilenameSplit) {\n if (!$namePart.contains(\"beta\") -and $namePart -notmatch \"^\\d+$\") {\n $NewFilenameBase = $NewFilenameBase + $namePart + \".\"\n } else {\n # check for beta\n if ($namePart.contains(\"beta\")) {\n $PackageVersion = $PackageVersion + $namePart.Substring(0,1)\n } else {\n $PackageVersion = $PackageVersion + $namePart\n }\n # check length to append a .\n if ($namePart -notmatch $LastVersionDigit) {\n $PackageVersion = $PackageVersion + \".\"\n }\n }\n }\n \n # check beta\n $FinalFilenameBase = \"\"\n if ($IsBeta -match \"True\") {\n $FinalFilenameBase = $NewFilenameBase + \"snk.\" + $PackageVersion + \"-beta\"\n } else {\n $FinalFilenameBase = $NewFilenameBase + \"snk.\" + $PackageVersion\n }\n $FinalFilename = $FinalFilenameBase + $file.Extension\n Rename-Item -Path $file -NewName $FinalFilename\n}" + workingDirectory: $(Build.ArtifactStagingDirectory) + - task: PublishPipelineArtifact@1 + displayName: Publish Signed Artifact + inputs: + path: $(Build.ArtifactStagingDirectory) + artifactName: Signed NuGet Packages + - task: PowerShell@2 + displayName: Delete signed assemblies + enabled: true + inputs: + targetType: inline + script: > + Remove-Item *.signed*.nupkg + workingDirectory: $(Build.ArtifactStagingDirectory) + - task: 
PowerShell@2 + displayName: Remove Sign Code + enabled: false + inputs: + targetType: filePath + arguments: '' + filePath: Scripts/RemoveSignCode.ps1 + workingDirectory: $(Build.SourcesDirectory) + - task: PowerShell@2 + displayName: Remove Sign Code Inline + inputs: + targetType: 'inline' + script: | + function Remove-SignCode { + param ( + $ASMFile + ) + Set-Content -Path $ASMFile -Value (Get-Content -Path $ASMFile | Select-String -Pattern AssemblyKeyFileAttribute -NotMatch ) + } + + $files = @(Get-ChildItem -Path . -Directory -Filter Stackify*) + + foreach ($file in $files) { + $asmInfo = Get-ChildItem -Path $file/Properties/AssemblyInfo.cs + Remove-SignCode -ASMFile $asmInfo + } + - task: PowerShell@2 + displayName: Update csproj for no .snk + inputs: + targetType: inline + script: > + (Get-Content -path Src\StackifyLib\StackifyLib.csproj -Raw) -replace 'StackifyLib.signed','StackifyLib' | Set-Content -Path Src\StackifyLib\StackifyLib.csproj + - ${{ if eq(parameters['Build StackifyLib.AspNetCore'], true) }}: + - template: templates/build-and-pack.yml + parameters: + BuildConfiguration: '$(BuildConfiguration)' + ProjectJobName: 'StackifyLib_AspNetCore' + ProjectName: 'StackifyLib.AspNetCore' + ProjectLocation: 'Src\StackifyLib.AspNetCore\*.csproj' + - ${{ if eq(parameters['Build StackifyLib.CoreLogger'], true) }}: + - template: templates/build-and-pack.yml + parameters: + BuildConfiguration: '$(BuildConfiguration)' + ProjectJobName: 'StackifyLib_CoreLogger' + ProjectName: 'StackifyLib.CoreLogger' + ProjectLocation: 'Src\StackifyLib.CoreLogger\*.csproj' + - ${{ if eq(parameters['Build StackifyLib.log4net'], true) }}: + - template: templates/build-and-pack.yml + parameters: + BuildConfiguration: '$(BuildConfiguration)' + ProjectName: 'StackifyLib.log4net' + ProjectJobName: 'StackifyLib_log4net' + ProjectLocation: 'Src\StackifyLib.log4net\*.csproj' + - ${{ if eq(parameters['Build NLog.Targets.Stackify'], true) }}: + - template: templates/build-and-pack.yml + 
parameters: + BuildConfiguration: '$(BuildConfiguration)' + ProjectName: 'NLog.Targets.Stackify' + ProjectJobName: 'NLog_Targets_Stackify' + ProjectLocation: 'Src\NLog.Targets.Stackify\*.csproj' + - ${{ if eq(parameters['Build NLog.Web.Stackify'], true) }}: + - template: templates/build-and-pack.yml + parameters: + BuildConfiguration: '$(BuildConfiguration)' + ProjectName: 'NLog.Web.Stackify' + ProjectJobName: 'NLog_Web_Stackify' + ProjectLocation: 'Src\NLog.Web.Stackify\*.csproj' + - ${{ if eq(parameters['Build StackifyLib.StackifyTraceListener'], true) }}: + - template: templates/build-and-pack.yml + parameters: + BuildConfiguration: '$(BuildConfiguration)' + ProjectName: 'StackifyLib.StackifyTraceListener' + ProjectJobName: 'StackifyLib_StackifyTraceListener' + ProjectLocation: 'Src\StackifyLib.StackifyTraceListener\*.csproj' + - task: PublishPipelineArtifact@1 + displayName: Publish Pipeline Artifact [Unsigned] + inputs: + path: $(Build.ArtifactStagingDirectory) + artifactName: Unsigned NuGet Packages + - ${{ if eq(parameters['Build StackifyLib'], true) }}: - task: PowerShell@2 displayName: PowerShell Script inputs: @@ -256,3 +251,13 @@ steps: veracodeAppProfile: Retrace .Net StackifyLib version: AZ-Devops-Build-$(build.buildNumber) filepath: $(Build.ArtifactStagingDirectory)/StackifyLib.$(version).nupkg + + - job: SCA + pool: + vmImage: 'windows-latest' + steps: + - task: PowerShell@2 + inputs: + targetType: 'inline' + script: $Env:SRCCLR_API_TOKEN="$(SRCCLR_API_TOKEN)"; Set-ExecutionPolicy AllSigned -Scope Process -Force; iex ((New-Object System.Net.WebClient).DownloadString('https://download.srcclr.com/ci.ps1')); srcclr scan --allow-dirty .; + condition: and(succeeded(), eq('${{ parameters.RUN_VERACODE_SCA }}', 'true')) \ No newline at end of file From 324a0167e70d3aa3d0bcfdf3d1dd341fb0b10d16 Mon Sep 17 00:00:00 2001 
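Review bot: The `Install NuGetKeyVaultSignTool` step carried into the new `stages:` layout installs the tool with `install --global NuGetKeyVaultSignTool` and `continueOnError: true`, so whatever version the feed serves that day is the binary that receives `$(SigningClientSecret)` and the signing certificate name in the next step. Pin the version and let a failed install stop the job: `arguments: 'install --global NuGetKeyVaultSignTool --version <PINNED_VERSION>'` (placeholder, use the release you have vetted) and drop `continueOnError: true`. With the flag left on, a failed install either breaks signing one step later or, on an agent that keeps global tools between runs, signs with a stale copy; the agent pool is not visible in this hunk, so that second case is an assumption. The same lines reappear re-indented in PATCH 3/3.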
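Review bot: The new `SCA` job's inline script feeds `DownloadString('https://download.srcclr.com/ci.ps1')` straight into `iex`, and the `Set-ExecutionPolicy AllSigned` in front of it does not cover that: execution policy applies to script files, not to text handed to `Invoke-Expression`, so nothing checks the download before it runs with `SRCCLR_API_TOKEN` in the environment. PATCH 2/3 then flips `RUN_VERACODE_SCA` to `true`, so this runs by default. Save the script to a file and compare its SHA-256 with a value reviewed into the repo before executing it (the pin has to be refreshed when the vendor updates the script), and pass the token through the step's `env:` mapping instead of expanding `$(SRCCLR_API_TOKEN)` into the script text. It is also worth confirming the token still resolves in this job: `AzureKeyVault@2` sits in the other step list, and if the token came from that vault rather than the `code-signing` group it will not be defined here.

```yaml
      - task: PowerShell@2
        env:
          SRCCLR_API_TOKEN: $(SRCCLR_API_TOKEN)
        inputs:
          targetType: 'inline'
          script: |
            $ErrorActionPreference = 'Stop'
            Set-ExecutionPolicy AllSigned -Scope Process -Force
            $ci = Join-Path $env:AGENT_TEMPDIRECTORY 'srcclr-ci.ps1'
            Invoke-WebRequest -Uri 'https://download.srcclr.com/ci.ps1' -OutFile $ci -UseBasicParsing
            # <PINNED_CI_PS1_SHA256> is a placeholder for the hash of the reviewed script
            $expected = '<PINNED_CI_PS1_SHA256>'
            if ((Get-FileHash -Path $ci -Algorithm SHA256).Hash -ne $expected) {
              throw 'ci.ps1 does not match the pinned SHA-256; refusing to run it'
            }
            Invoke-Expression (Get-Content -Path $ci -Raw)
            srcclr scan --allow-dirty .
        # … unchanged: condition on RUN_VERACODE_SCA …
```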
From: Todd Lair
Date: Mon, 5 Feb 2024 14:15:18 -0600
Subject: [PATCH 2/3] Updated veracodes SCA flag default to true
---
 azure-pipelines.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/azure-pipelines.yml b/azure-pipelines.yml
index cbb7178..1cb8938 100644
--- a/azure-pipelines.yml
+++ b/azure-pipelines.yml
@@ -23,7 +23,7 @@ parameters:
 - name: RUN_VERACODE_SCA
 displayName: 'Execute Veracode SCA'
 type: boolean
- default: false
+ default: true
 - name: 'Build StackifyLib'
 type: boolean
 default: true
From ed8abae1e5d4ea008eaa7c76b4bf0739c0c56a65 Mon Sep 17 00:00:00 2001
From: Todd Lair
Date: Mon, 5 Feb 2024 14:19:09 -0600
Subject: [PATCH 3/3] Fixed the yml syntax
---
 azure-pipelines.yml | 378 ++++++++++++++++++++++----------------------
 1 file changed, 190 insertions(+), 188 deletions(-)
diff --git a/azure-pipelines.yml b/azure-pipelines.yml
index 1cb8938..5aa5fb7 100644
--- a/azure-pipelines.yml
+++ b/azure-pipelines.yml
@@ -55,202 +55,204 @@ variables: stages: - stage: FirstStage jobs: - - checkout: self - clean: true - lfs: true - - task: AzureKeyVault@2 - displayName: 'Azure Key Vault: keyvault-build-resources' - inputs: - ConnectedServiceName: 514ed7d6-3846-4422-8013-af27483dd22c - KeyVaultName: keyvault-build-resources - RunAsPreJob: true - - ${{ if eq(parameters['Build StackifyLib Signed'], true) }}: - - task: DownloadSecureFile@1 - name: SNK - displayName: Download Strong Name Key - inputs: - secureFile: 9d810a2d-d090-431c-9012-df939a4b1afe - - task: PowerShell@2 - displayName: Move Signing Key To Project Directory - inputs: - targetType: inline - filePath: Src/StackifyLib - script: | - # Write your PowerShell commands here. - ls - Move-Item $(SNK.secureFilePath) Src/StackifyLib/Netreo.snk - - task: PowerShell@2 - displayName: Update csproj for .snk + - job: Build + steps: + - checkout: self + clean: true + lfs: true + - task: AzureKeyVault@2 + displayName: 'Azure Key Vault: keyvault-build-resources' inputs: - targetType: inline - script: > - (Get-Content -path Src\StackifyLib\StackifyLib.csproj -Raw) -replace 'StackifyLib','StackifyLib.signed' | Set-Content -Path Src\StackifyLib\StackifyLib.csproj -Encoding utf8 - # note: the signing attribute here is commented out so we can build locally - - powershell: | - $filename = Get-ChildItem ".\src\*\AssemblyInfo.cs" -Recurse - $filename | %{ - (gc $_) -replace ([regex]::Escape("//[assembly: AssemblyKeyFile")), "[assembly: AssemblyKeyFile" | Set-Content $_.FullName -Encoding utf8 - } - displayName: Uncoment signing attribute - - task: DotNetCoreCLI@2 - displayName: dotnet restore - inputs: - command: restore - projects: | - Src\StackifyLib\*.csproj - Src\StackifyLib.AspNetCore\*.csproj - Src\StackifyLib.CoreLogger\*.csproj - Src\StackifyLib.log4net\*.csproj - Src\Nlog.Targets.Stackify\*.csproj - Src\NLog.Web.Stackify\*.csproj - Src\StackifyLib.StackifyTraceListener\*.csproj - - ${{ if eq(parameters['Build StackifyLib'], true) }}: + 
ConnectedServiceName: 514ed7d6-3846-4422-8013-af27483dd22c + KeyVaultName: keyvault-build-resources + RunAsPreJob: true + - ${{ if eq(parameters['Build StackifyLib Signed'], true) }}: + - task: DownloadSecureFile@1 + name: SNK + displayName: Download Strong Name Key + inputs: + secureFile: 9d810a2d-d090-431c-9012-df939a4b1afe + - task: PowerShell@2 + displayName: Move Signing Key To Project Directory + inputs: + targetType: inline + filePath: Src/StackifyLib + script: | + # Write your PowerShell commands here. + ls + Move-Item $(SNK.secureFilePath) Src/StackifyLib/Netreo.snk + - task: PowerShell@2 + displayName: Update csproj for .snk + inputs: + targetType: inline + script: > + (Get-Content -path Src\StackifyLib\StackifyLib.csproj -Raw) -replace 'StackifyLib','StackifyLib.signed' | Set-Content -Path Src\StackifyLib\StackifyLib.csproj -Encoding utf8 + # note: the signing attribute here is commented out so we can build locally + - powershell: | + $filename = Get-ChildItem ".\src\*\AssemblyInfo.cs" -Recurse + $filename | %{ + (gc $_) -replace ([regex]::Escape("//[assembly: AssemblyKeyFile")), "[assembly: AssemblyKeyFile" | Set-Content $_.FullName -Encoding utf8 + } + displayName: Uncoment signing attribute - task: DotNetCoreCLI@2 - displayName: dotnet build + displayName: dotnet restore inputs: + command: restore projects: | Src\StackifyLib\*.csproj - arguments: '-c $(BuildConfiguration)' - - task: DotNetCoreCLI@2 - displayName: dotnet pack signed stackify lib - inputs: - command: pack - searchPatternPack: Src\StackifyLib\*.csproj; - nobuild: true - - ${{ if eq(parameters['Build StackifyLib Signed'], true) }}: - - task: DotNetCoreCLI@2 - displayName: Install NuGetKeyVaultSignTool - continueOnError: true - inputs: - command: 'custom' - custom: 'tool' - arguments: 'install --global NuGetKeyVaultSignTool' - - task: CmdLine@2 - displayName: 'Sign nuget package' - inputs: - script: NuGetKeyVaultSignTool sign $(Build.ArtifactStagingDirectory)\StackifyLib.signed.*.nupkg 
-kvu "$(SigningVaultURL)" -kvi "$(SigningAppClientId)" -kvt "$(SigningAppTenantId)" -kvs "$(SigningClientSecret)" -kvc "$(SigningCertName)" -tr http://timestamp.digicert.com - workingDirectory: $(Build.SourcesDirectory) - - task: PowerShell@2 - displayName: Rename signed assemblies - enabled: False - inputs: - targetType: inline - script: "$files = @(Get-ChildItem -Path . -File -Filter *.nupkg)\n\nforeach($file in $files) {\n $BaseFilename = $file.BaseName\n $BaseFilenameSplit = $file.BaseName.Split(\".\")\n $LastVersionDigit = \"\"\n $NewFilenameBase = \"\"\n $PackageVersion = \"\"\n $IsBeta = \"False\"\n if ($BaseFilename.contains(\"beta\")) {\n $IsBeta = \"True\"\n $LastVersionDigit = $file.BaseName.Substring($BaseFilename.length - 6,1)\n }\n else {\n $LastVersionDigit = $file.BaseName.Substring($BaseFilename.length - 1)\n }\n foreach($namePart in $BaseFilenameSplit) {\n if (!$namePart.contains(\"beta\") -and $namePart -notmatch \"^\\d+$\") {\n $NewFilenameBase = $NewFilenameBase + $namePart + \".\"\n } else {\n # check for beta\n if ($namePart.contains(\"beta\")) {\n $PackageVersion = $PackageVersion + $namePart.Substring(0,1)\n } else {\n $PackageVersion = $PackageVersion + $namePart\n }\n # check length to append a .\n if ($namePart -notmatch $LastVersionDigit) {\n $PackageVersion = $PackageVersion + \".\"\n }\n }\n }\n \n # check beta\n $FinalFilenameBase = \"\"\n if ($IsBeta -match \"True\") {\n $FinalFilenameBase = $NewFilenameBase + \"snk.\" + $PackageVersion + \"-beta\"\n } else {\n $FinalFilenameBase = $NewFilenameBase + \"snk.\" + $PackageVersion\n }\n $FinalFilename = $FinalFilenameBase + $file.Extension\n Rename-Item -Path $file -NewName $FinalFilename\n}" - workingDirectory: $(Build.ArtifactStagingDirectory) + Src\StackifyLib.AspNetCore\*.csproj + Src\StackifyLib.CoreLogger\*.csproj + Src\StackifyLib.log4net\*.csproj + Src\Nlog.Targets.Stackify\*.csproj + Src\NLog.Web.Stackify\*.csproj + Src\StackifyLib.StackifyTraceListener\*.csproj + - ${{ if 
eq(parameters['Build StackifyLib'], true) }}: + - task: DotNetCoreCLI@2 + displayName: dotnet build + inputs: + projects: | + Src\StackifyLib\*.csproj + arguments: '-c $(BuildConfiguration)' + - task: DotNetCoreCLI@2 + displayName: dotnet pack signed stackify lib + inputs: + command: pack + searchPatternPack: Src\StackifyLib\*.csproj; + nobuild: true + - ${{ if eq(parameters['Build StackifyLib Signed'], true) }}: + - task: DotNetCoreCLI@2 + displayName: Install NuGetKeyVaultSignTool + continueOnError: true + inputs: + command: 'custom' + custom: 'tool' + arguments: 'install --global NuGetKeyVaultSignTool' + - task: CmdLine@2 + displayName: 'Sign nuget package' + inputs: + script: NuGetKeyVaultSignTool sign $(Build.ArtifactStagingDirectory)\StackifyLib.signed.*.nupkg -kvu "$(SigningVaultURL)" -kvi "$(SigningAppClientId)" -kvt "$(SigningAppTenantId)" -kvs "$(SigningClientSecret)" -kvc "$(SigningCertName)" -tr http://timestamp.digicert.com + workingDirectory: $(Build.SourcesDirectory) + - task: PowerShell@2 + displayName: Rename signed assemblies + enabled: False + inputs: + targetType: inline + script: "$files = @(Get-ChildItem -Path . 
-File -Filter *.nupkg)\n\nforeach($file in $files) {\n $BaseFilename = $file.BaseName\n $BaseFilenameSplit = $file.BaseName.Split(\".\")\n $LastVersionDigit = \"\"\n $NewFilenameBase = \"\"\n $PackageVersion = \"\"\n $IsBeta = \"False\"\n if ($BaseFilename.contains(\"beta\")) {\n $IsBeta = \"True\"\n $LastVersionDigit = $file.BaseName.Substring($BaseFilename.length - 6,1)\n }\n else {\n $LastVersionDigit = $file.BaseName.Substring($BaseFilename.length - 1)\n }\n foreach($namePart in $BaseFilenameSplit) {\n if (!$namePart.contains(\"beta\") -and $namePart -notmatch \"^\\d+$\") {\n $NewFilenameBase = $NewFilenameBase + $namePart + \".\"\n } else {\n # check for beta\n if ($namePart.contains(\"beta\")) {\n $PackageVersion = $PackageVersion + $namePart.Substring(0,1)\n } else {\n $PackageVersion = $PackageVersion + $namePart\n }\n # check length to append a .\n if ($namePart -notmatch $LastVersionDigit) {\n $PackageVersion = $PackageVersion + \".\"\n }\n }\n }\n \n # check beta\n $FinalFilenameBase = \"\"\n if ($IsBeta -match \"True\") {\n $FinalFilenameBase = $NewFilenameBase + \"snk.\" + $PackageVersion + \"-beta\"\n } else {\n $FinalFilenameBase = $NewFilenameBase + \"snk.\" + $PackageVersion\n }\n $FinalFilename = $FinalFilenameBase + $file.Extension\n Rename-Item -Path $file -NewName $FinalFilename\n}" + workingDirectory: $(Build.ArtifactStagingDirectory) + - task: PublishPipelineArtifact@1 + displayName: Publish Signed Artifact + inputs: + path: $(Build.ArtifactStagingDirectory) + artifactName: Signed NuGet Packages + - task: PowerShell@2 + displayName: Delete signed assemblies + enabled: true + inputs: + targetType: inline + script: > + Remove-Item *.signed*.nupkg + workingDirectory: $(Build.ArtifactStagingDirectory) + - task: PowerShell@2 + displayName: Remove Sign Code + enabled: false + inputs: + targetType: filePath + arguments: '' + filePath: Scripts/RemoveSignCode.ps1 + workingDirectory: $(Build.SourcesDirectory) + - task: PowerShell@2 + displayName: 
Remove Sign Code Inline + inputs: + targetType: 'inline' + script: | + function Remove-SignCode { + param ( + $ASMFile + ) + Set-Content -Path $ASMFile -Value (Get-Content -Path $ASMFile | Select-String -Pattern AssemblyKeyFileAttribute -NotMatch ) + } + + $files = @(Get-ChildItem -Path . -Directory -Filter Stackify*) + + foreach ($file in $files) { + $asmInfo = Get-ChildItem -Path $file/Properties/AssemblyInfo.cs + Remove-SignCode -ASMFile $asmInfo + } + - task: PowerShell@2 + displayName: Update csproj for no .snk + inputs: + targetType: inline + script: > + (Get-Content -path Src\StackifyLib\StackifyLib.csproj -Raw) -replace 'StackifyLib.signed','StackifyLib' | Set-Content -Path Src\StackifyLib\StackifyLib.csproj + - ${{ if eq(parameters['Build StackifyLib.AspNetCore'], true) }}: + - template: templates/build-and-pack.yml + parameters: + BuildConfiguration: '$(BuildConfiguration)' + ProjectJobName: 'StackifyLib_AspNetCore' + ProjectName: 'StackifyLib.AspNetCore' + ProjectLocation: 'Src\StackifyLib.AspNetCore\*.csproj' + - ${{ if eq(parameters['Build StackifyLib.CoreLogger'], true) }}: + - template: templates/build-and-pack.yml + parameters: + BuildConfiguration: '$(BuildConfiguration)' + ProjectJobName: 'StackifyLib_CoreLogger' + ProjectName: 'StackifyLib.CoreLogger' + ProjectLocation: 'Src\StackifyLib.CoreLogger\*.csproj' + - ${{ if eq(parameters['Build StackifyLib.log4net'], true) }}: + - template: templates/build-and-pack.yml + parameters: + BuildConfiguration: '$(BuildConfiguration)' + ProjectName: 'StackifyLib.log4net' + ProjectJobName: 'StackifyLib_log4net' + ProjectLocation: 'Src\StackifyLib.log4net\*.csproj' + - ${{ if eq(parameters['Build NLog.Targets.Stackify'], true) }}: + - template: templates/build-and-pack.yml + parameters: + BuildConfiguration: '$(BuildConfiguration)' + ProjectName: 'NLog.Targets.Stackify' + ProjectJobName: 'NLog_Targets_Stackify' + ProjectLocation: 'Src\NLog.Targets.Stackify\*.csproj' + - ${{ if eq(parameters['Build 
NLog.Web.Stackify'], true) }}: + - template: templates/build-and-pack.yml + parameters: + BuildConfiguration: '$(BuildConfiguration)' + ProjectName: 'NLog.Web.Stackify' + ProjectJobName: 'NLog_Web_Stackify' + ProjectLocation: 'Src\NLog.Web.Stackify\*.csproj' + - ${{ if eq(parameters['Build StackifyLib.StackifyTraceListener'], true) }}: + - template: templates/build-and-pack.yml + parameters: + BuildConfiguration: '$(BuildConfiguration)' + ProjectName: 'StackifyLib.StackifyTraceListener' + ProjectJobName: 'StackifyLib_StackifyTraceListener' + ProjectLocation: 'Src\StackifyLib.StackifyTraceListener\*.csproj' - task: PublishPipelineArtifact@1 - displayName: Publish Signed Artifact + displayName: Publish Pipeline Artifact [Unsigned] inputs: path: $(Build.ArtifactStagingDirectory) - artifactName: Signed NuGet Packages - - task: PowerShell@2 - displayName: Delete signed assemblies - enabled: true - inputs: - targetType: inline - script: > - Remove-Item *.signed*.nupkg - workingDirectory: $(Build.ArtifactStagingDirectory) - - task: PowerShell@2 - displayName: Remove Sign Code - enabled: false - inputs: - targetType: filePath - arguments: '' - filePath: Scripts/RemoveSignCode.ps1 - workingDirectory: $(Build.SourcesDirectory) - - task: PowerShell@2 - displayName: Remove Sign Code Inline - inputs: - targetType: 'inline' - script: | - function Remove-SignCode { - param ( - $ASMFile - ) - Set-Content -Path $ASMFile -Value (Get-Content -Path $ASMFile | Select-String -Pattern AssemblyKeyFileAttribute -NotMatch ) - } - - $files = @(Get-ChildItem -Path . 
-Directory -Filter Stackify*) - - foreach ($file in $files) { - $asmInfo = Get-ChildItem -Path $file/Properties/AssemblyInfo.cs - Remove-SignCode -ASMFile $asmInfo - } - - task: PowerShell@2 - displayName: Update csproj for no .snk - inputs: - targetType: inline - script: > - (Get-Content -path Src\StackifyLib\StackifyLib.csproj -Raw) -replace 'StackifyLib.signed','StackifyLib' | Set-Content -Path Src\StackifyLib\StackifyLib.csproj - - ${{ if eq(parameters['Build StackifyLib.AspNetCore'], true) }}: - - template: templates/build-and-pack.yml - parameters: - BuildConfiguration: '$(BuildConfiguration)' - ProjectJobName: 'StackifyLib_AspNetCore' - ProjectName: 'StackifyLib.AspNetCore' - ProjectLocation: 'Src\StackifyLib.AspNetCore\*.csproj' - - ${{ if eq(parameters['Build StackifyLib.CoreLogger'], true) }}: - - template: templates/build-and-pack.yml - parameters: - BuildConfiguration: '$(BuildConfiguration)' - ProjectJobName: 'StackifyLib_CoreLogger' - ProjectName: 'StackifyLib.CoreLogger' - ProjectLocation: 'Src\StackifyLib.CoreLogger\*.csproj' - - ${{ if eq(parameters['Build StackifyLib.log4net'], true) }}: - - template: templates/build-and-pack.yml - parameters: - BuildConfiguration: '$(BuildConfiguration)' - ProjectName: 'StackifyLib.log4net' - ProjectJobName: 'StackifyLib_log4net' - ProjectLocation: 'Src\StackifyLib.log4net\*.csproj' - - ${{ if eq(parameters['Build NLog.Targets.Stackify'], true) }}: - - template: templates/build-and-pack.yml - parameters: - BuildConfiguration: '$(BuildConfiguration)' - ProjectName: 'NLog.Targets.Stackify' - ProjectJobName: 'NLog_Targets_Stackify' - ProjectLocation: 'Src\NLog.Targets.Stackify\*.csproj' - - ${{ if eq(parameters['Build NLog.Web.Stackify'], true) }}: - - template: templates/build-and-pack.yml - parameters: - BuildConfiguration: '$(BuildConfiguration)' - ProjectName: 'NLog.Web.Stackify' - ProjectJobName: 'NLog_Web_Stackify' - ProjectLocation: 'Src\NLog.Web.Stackify\*.csproj' - - ${{ if eq(parameters['Build 
StackifyLib.StackifyTraceListener'], true) }}: - - template: templates/build-and-pack.yml - parameters: - BuildConfiguration: '$(BuildConfiguration)' - ProjectName: 'StackifyLib.StackifyTraceListener' - ProjectJobName: 'StackifyLib_StackifyTraceListener' - ProjectLocation: 'Src\StackifyLib.StackifyTraceListener\*.csproj' - - task: PublishPipelineArtifact@1 - displayName: Publish Pipeline Artifact [Unsigned] - inputs: - path: $(Build.ArtifactStagingDirectory) - artifactName: Unsigned NuGet Packages - - ${{ if eq(parameters['Build StackifyLib'], true) }}: - - task: PowerShell@2 - displayName: PowerShell Script - inputs: - targetType: inline - script: | - $xml = [Xml] (Get-Content .\Src\StackifyLib\StackifyLib.csproj) - $version = $xml.Project.PropertyGroup.Version - echo $version - $version = "$version".Trim() - echo "##vso[task.setvariable variable=version]$version" - echo "StackifyLib."$version".nupkg" - workingDirectory: $(Build.SourcesDirectory) - - task: Veracode@3 - displayName: 'Upload and scan: $(Build.ArtifactStagingDirectory)/StackifyLib.$(version).nupkg' - condition: and(succeeded(), eq('${{ parameters.RUN_VERACODE_SCAN }}', 'true')) - enabled: True - inputs: - AnalysisService: 51003f89-58ab-463c-8e20-41484888d9c7 - veracodeAppProfile: Retrace .Net StackifyLib - version: AZ-Devops-Build-$(build.buildNumber) - filepath: $(Build.ArtifactStagingDirectory)/StackifyLib.$(version).nupkg + artifactName: Unsigned NuGet Packages + - ${{ if eq(parameters['Build StackifyLib'], true) }}: + - task: PowerShell@2 + displayName: PowerShell Script + inputs: + targetType: inline + script: | + $xml = [Xml] (Get-Content .\Src\StackifyLib\StackifyLib.csproj) + $version = $xml.Project.PropertyGroup.Version + echo $version + $version = "$version".Trim() + echo "##vso[task.setvariable variable=version]$version" + echo "StackifyLib."$version".nupkg" + workingDirectory: $(Build.SourcesDirectory) + - task: Veracode@3 + displayName: 'Upload and scan: 
$(Build.ArtifactStagingDirectory)/StackifyLib.$(version).nupkg' + condition: and(succeeded(), eq('${{ parameters.RUN_VERACODE_SCAN }}', 'true')) + enabled: True + inputs: + AnalysisService: 51003f89-58ab-463c-8e20-41484888d9c7 + veracodeAppProfile: Retrace .Net StackifyLib + version: AZ-Devops-Build-$(build.buildNumber) + filepath: $(Build.ArtifactStagingDirectory)/StackifyLib.$(version).nupkg - job: SCA pool: