diff --git a/build-tools/automation/azure-pipelines-nightly.yaml b/build-tools/automation/azure-pipelines-nightly.yaml index bbf13e27974..69ac75c87e6 100644 --- a/build-tools/automation/azure-pipelines-nightly.yaml +++ b/build-tools/automation/azure-pipelines-nightly.yaml @@ -25,6 +25,10 @@ resources: name: dotnet/maui endpoint: xamarin +parameters: +- name: ApiScanSourceBranch + default: 'refs/heads/main' + # Global variables variables: - template: yaml-templates/variables.yaml @@ -285,6 +289,7 @@ stages: - stage: compliance_scan displayName: Compliance dependsOn: mac_build + condition: and(eq(dependencies.mac_build.result, 'Succeeded'), eq(variables['Build.SourceBranch'], '${{ parameters.ApiScanSourceBranch }}')) jobs: - job: api_scan displayName: API Scan @@ -294,9 +299,6 @@ stages: timeoutInMinutes: 480 workspace: clean: all - variables: - - name: ApiScan.Enabled - value: true steps: - template: yaml-templates/setup-test-environment.yaml parameters: @@ -305,19 +307,30 @@ stages: restoreNUnitConsole: false updateMono: false - ### Copy .dll and .pdb files for APIScan + - task: DownloadPipelineArtifact@2 + displayName: Download binutils pdbs + inputs: + artifactName: $(WindowsToolchainPdbArtifactName) + downloadPath: $(Build.StagingDirectory)\binutils-pdb + + - powershell: | + Expand-Archive "$(Build.StagingDirectory)\binutils-pdb\$(WindowsToolchainPdbArtifactName).zip" "$(System.DefaultWorkingDirectory)\binutils-pdb" + Get-ChildItem -Path "$(System.DefaultWorkingDirectory)\binutils-pdb" -Recurse + displayName: Extract binutils pdbs + + ### Copy .dll, .exe, .pdb files for APIScan - task: CopyFiles@2 displayName: Collect Files for APIScan inputs: - Contents: $(System.DefaultWorkingDirectory)\bin\$(XA.Build.Configuration)\dotnet\packs\Microsoft.Android*\**\?(*.dll|*.pdb) + Contents: | + $(System.DefaultWorkingDirectory)\bin\$(XA.Build.Configuration)\dotnet\packs\Microsoft.Android*\**\?(*.dll|*.exe|*.pdb) + $(System.DefaultWorkingDirectory)\binutils-pdb\*.pdb TargetFolder: $(Build.StagingDirectory)\apiscan OverWrite: true flattenFolders: true - condition: and(succeeded(), eq(variables['ApiScan.Enabled'], 'true'), eq(variables['Build.SourceBranch'], 'refs/heads/main')) - pwsh: Get-ChildItem -Path "$(Build.StagingDirectory)\apiscan" -Recurse displayName: List Files for APIScan - condition: and(succeeded(), eq(variables['ApiScan.Enabled'], 'true'), eq(variables['Build.SourceBranch'], 'refs/heads/main')) ### Run latest version of APIScan listed at https://www.1eswiki.com/wiki/APIScan_Build_Task - task: APIScan@2 @@ -326,10 +339,9 @@ stages: softwareFolder: $(Build.StagingDirectory)\apiscan symbolsFolder: 'SRV*http://symweb;$(Build.StagingDirectory)\apiscan' softwareName: $(ApiScanName) - softwareVersionNum: $(Build.SourceBranchName)-$(Build.SourceVersion)-$(Rev:r) + softwareVersionNum: $(Build.SourceBranchName)-$(Build.SourceVersion)$(System.JobAttempt) isLargeApp: true toolVersion: Latest - condition: and(succeeded(), eq(variables['ApiScan.Enabled'], 'true'), eq(variables['Build.SourceBranch'], 'refs/heads/main')) env: AzureServicesAuthConnectionString: runAs=App;AppId=$(ApiScanClientId);TenantId=$(ApiScanTenant);AppKey=$(ApiScanSecret) @@ -339,7 +351,6 @@ stages: GdnExportAllTools: false GdnExportGdnToolApiScan: true GdnExportOutputSuppressionFile: source.gdnsuppress - condition: and(succeededOrFailed(), eq(variables['ApiScan.Enabled'], 'true'), eq(variables['Build.SourceBranch'], 'refs/heads/main')) - task: PublishSecurityAnalysisLogs@3 displayName: Publish Guardian Artifacts @@ -349,11 +360,9 @@ stages: AllTools: false APIScan: true ToolLogsNotFoundAction: Warning - condition: and(succeededOrFailed(), eq(variables['ApiScan.Enabled'], 'true'), eq(variables['Build.SourceBranch'], 'refs/heads/main')) - task: PostAnalysis@2 displayName: Fail Build on Guardian Issues inputs: GdnBreakAllTools: false GdnBreakGdnToolApiScan: true - condition: and(succeededOrFailed(), eq(variables['ApiScan.Enabled'], 'true'), eq(variables['Build.SourceBranch'], 'refs/heads/main')) diff --git a/build-tools/automation/yaml-templates/build-macos.yaml b/build-tools/automation/yaml-templates/build-macos.yaml index 23d400ada95..abdb0103a09 100644 --- a/build-tools/automation/yaml-templates/build-macos.yaml +++ b/build-tools/automation/yaml-templates/build-macos.yaml @@ -49,6 +49,7 @@ stages: installerArtifactName: ${{ parameters.installerArtifactName }} nugetArtifactName: ${{ parameters.nugetArtifactName }} testAssembliesArtifactName: ${{ parameters.testAssembliesArtifactName }} + windowsToolchainPdbArtifactName: ${{ parameters.windowsToolchainPdbArtifactName }} - powershell: | [IO.Directory]::CreateDirectory("$(Build.StagingDirectory)/empty") @@ -73,19 +74,6 @@ stages: artifactName: sbom-components-macos pathToPublish: $(Build.StagingDirectory)/sbom-components - - script: > - mkdir -p $(System.DefaultWorkingDirectory)/xamarin-android/bin/Build$(XA.Build.Configuration)/windows-toolchain-pdb && - cd $(System.DefaultWorkingDirectory)/xamarin-android/bin/$(XA.Build.Configuration)/lib/packs/Microsoft.Android.Sdk.Darwin/*/tools/binutils/windows-toolchain-pdb && - zip -r $(System.DefaultWorkingDirectory)/xamarin-android/bin/Build$(XA.Build.Configuration)/windows-toolchain-pdb/windows-toolchain-pdb.zip . - workingDirectory: $(System.DefaultWorkingDirectory)/xamarin-android - displayName: zip Windows toolchain pdb files - - - task: PublishPipelineArtifact@1 - displayName: upload Windows toolchain pdb files - inputs: - artifactName: ${{ parameters.windowsToolchainPdbArtifactName }} - targetPath: $(System.DefaultWorkingDirectory)/xamarin-android/bin/Build$(XA.Build.Configuration)/windows-toolchain-pdb - - template: upload-results.yaml parameters: xaSourcePath: $(System.DefaultWorkingDirectory)/xamarin-android diff --git a/build-tools/automation/yaml-templates/commercial-build.yaml b/build-tools/automation/yaml-templates/commercial-build.yaml index 59a2dd2f10b..84421581edf 100644 --- a/build-tools/automation/yaml-templates/commercial-build.yaml +++ b/build-tools/automation/yaml-templates/commercial-build.yaml @@ -4,6 +4,7 @@ parameters: makeMSBuildArgs: '' nugetArtifactName: $(NuGetArtifactName) testAssembliesArtifactName: $(TestAssembliesArtifactName) + windowsToolchainPdbArtifactName: $(WindowsToolchainPdbArtifactName) steps: - script: echo "##vso[task.setvariable variable=JI_JAVA_HOME]$HOME/android-toolchain/jdk-17" @@ -140,6 +141,19 @@ steps: artifactName: ${{ parameters.testAssembliesArtifactName }} targetPath: ${{ parameters.xaSourcePath }}/bin/Test$(XA.Build.Configuration) +- script: > + mkdir -p ${{ parameters.xaSourcePath }}/bin/Build$(XA.Build.Configuration)/windows-toolchain-pdb && + cd ${{ parameters.xaSourcePath }}/bin/$(XA.Build.Configuration)/lib/packs/Microsoft.Android.Sdk.Darwin/*/tools/binutils/windows-toolchain-pdb && + zip -r ${{ parameters.xaSourcePath }}/bin/Build$(XA.Build.Configuration)/windows-toolchain-pdb/windows-toolchain-pdb.zip . + workingDirectory: ${{ parameters.xaSourcePath }} + displayName: zip Windows toolchain pdb files + +- task: PublishPipelineArtifact@1 + displayName: upload Windows toolchain pdb files + inputs: + artifactName: ${{ parameters.windowsToolchainPdbArtifactName }} + targetPath: ${{ parameters.xaSourcePath }}/bin/Build$(XA.Build.Configuration)/windows-toolchain-pdb + - task: PublishPipelineArtifact@1 displayName: upload build tools inventory inputs: