diff --git a/.azurepipelines/build-shared-ios-1ES.yml b/.azurepipelines/build-shared-ios-1ES.yml new file mode 100644 index 000000000..06c18548d --- /dev/null +++ b/.azurepipelines/build-shared-ios-1ES.yml @@ -0,0 +1,121 @@ +trigger: +- master +- develop +pr: +- master +- develop +resources: + repositories: + - repository: self + type: git + ref: refs/heads/develop + - repository: 1ESPipelineTemplates + type: git + name: 1ESPipelineTemplates/1ESPipelineTemplates + ref: refs/tags/release +name: $(Build.SourceBranchName)_$(date:yyyyMMdd)$(rev:.r) +variables: +- name: EOCompliance-Mac + value: true +- name: XCODE_PATH + value: /Applications/Xcode_13.2.1.app/Contents/Developer +extends: + ${{ if eq(variables['Build.SourceBranch'], 'refs/heads/master') }}: + template: v1/1ES.Official.PipelineTemplate.yml@1ESPipelineTemplates + ${{ else }}: + template: v1/1ES.Unofficial.PipelineTemplate.yml@1ESPipelineTemplates + parameters: + pool: + name: Azure Pipelines + image: macos-latest + os: macOS + customBuildTags: + - ES365AIMigrationTooling-BulkMigrated + sdl: + sourceAnalysisPool: 1ES-PT-Windows-2022 + eslint: + enableExclusions: true + exclusionPatterns: | + TestApp/ + TestApp34/ + DemoApp/ + credscan: + suppressionsFile: $(Build.SourcesDirectory)/.config/CredScanSuppressions.json + stages: + - stage: stage + jobs: + - job: sdkBuildJob + displayName: MacOs + cancelTimeoutInMinutes: 1 + templateContext: + outputs: + - output: pipelineArtifact + displayName: 'Publish Artifact: framework' + path: '$(Build.ArtifactStagingDirectory)' + artifactName: zip + steps: + - checkout: self + fetchTags: false + - task: Bash@3 + displayName: Install AppCenterReactNativeShared Pods + inputs: + filePath: AppCenterReactNativeShared/ios/post-clone.sh + workingDirectory: AppCenterReactNativeShared/ios + - task: Bash@3 + displayName: Select Xcode $(XCODE_PATH) + inputs: + targetType: inline + script: sudo xcode-select -s '$(XCODE_PATH)' + - task: Bash@3 + displayName: Build xc-framework + inputs: + targetType: inline + script: | + export SRCROOT=`pwd` + ./build-xcframework.sh + workingDirectory: AppCenterReactNativeShared/ios/ + - task: Bash@3 + displayName: Zip framework + inputs: + filePath: AppCenterReactNativeShared/zip-framework.sh + workingDirectory: AppCenterReactNativeShared + - task: CopyFiles@2 + displayName: Copy artifact + inputs: + SourceFolder: $(Build.SourcesDirectory)/AppCenterReactNativeShared/Products/ + Contents: AppCenter-SDK-ReactNative-iOS-Pod-*.zip + TargetFolder: $(Build.ArtifactStagingDirectory) + + - stage: APIScan + dependsOn: Stage + pool: + name: 1ES-PT-Windows-2022 + os: windows + variables: + "agent.source.skip": true + jobs: + - job: APIScan + steps: + - task: DownloadPipelineArtifact@2 + displayName: Download Build Artifacts for APIScan + inputs: + artifactName: zip + targetPath: '$(Agent.BuildDirectory)/zip' + - task: AzureKeyVault@2 + inputs: + azureSubscription: 'AC - Dev Infra & Build Pool' + KeyVaultName: 'mobile-center-sdk' + SecretsFilter: 'appcenter-sdk-managed-identity-clientid' + RunAsPreJob: false + - task: APIScan@2 + displayName: 'Run APIScan' + inputs: + softwareFolder: '$(Agent.BuildDirectory)\zip' + softwareName: 'appcenter-sdk-react-native' + softwareVersionNum: '$(Build.BuildId)' + isLargeApp: false + toolVersion: 'Latest' + verbosityLevel: verbose + condition: and(succeeded(), ne(variables['DisableAPIScan'], 'true')) + env: + AzureServicesAuthConnectionString: 'runAs=App;AppId=$(appcenter-sdk-managed-identity-clientid)' \ No newline at end of file diff --git a/.config/CredScanSuppressions.json b/.config/CredScanSuppressions.json new file mode 100644 index 000000000..56a92306e --- /dev/null +++ b/.config/CredScanSuppressions.json @@ -0,0 +1,22 @@ +{ + "tool": "Credential Scanner", + "suppressions": [ + { + "file": "/DemoApp/android/keystores/debug.keystore.properties", + "_justification": "CSCAN-GENERAL0060 used only in DemoApp" + }, + { + "file": "/TestApp/android/keystores/debug.keystore.properties", + "_justification": "CSCAN-GENERAL0060 used only in DemoApp" + }, + { + "file": "/TestApp34/android/keystores/debug.keystore.properties", + "_justification": "CSCAN-GENERAL0060 used only in DemoApp" + }, + { + "file": "/TestAppTypescript/android/keystores/debug.keystore.properties", + "_justification": "CSCAN-GENERAL0060 used only in DemoApp" + } + ] +} + \ No newline at end of file diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml deleted file mode 100644 index 779addc3b..000000000 --- a/.github/workflows/codeql.yml +++ /dev/null @@ -1,47 +0,0 @@ -name: "Code Scanning - Action" - -on: - push: - pull_request: - schedule: - - cron: '0 0 * * 0' - -jobs: - CodeQL-Build: - - strategy: - fail-fast: false - - - # CodeQL runs on ubuntu-latest, windows-latest, and macos-latest - runs-on: ubuntu-latest - - steps: - - name: Checkout repository - uses: actions/checkout@v2 - - # Initializes the CodeQL tools for scanning. - - name: Initialize CodeQL - uses: github/codeql-action/init@v1 - # Override language selection by uncommenting this and choosing your languages - with: - languages: javascript - - # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). - # If this step fails, then you should remove it and run the build manually (see below). - - name: Autobuild - uses: github/codeql-action/autobuild@v1 - - # ℹī¸ Command-line programs to run using the OS shell. - # 📚 https://git.io/JvXDl - - # ✏ī¸ If the Autobuild fails above, remove it and uncomment the following three lines - # and modify them (or add more) to build your code if your project - # uses a compiled language - - #- run: | - # make bootstrap - # make release - - - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v1