From 9ca93c890e354c121871372778cccfa909494250 Mon Sep 17 00:00:00 2001 From: AnatolyPristensky Date: Wed, 6 Mar 2024 14:09:51 +0100 Subject: [PATCH 01/17] Initial template --- .azurepipelines/build-shared-ios-1ES.yml | 77 ++++++++++++++++++++++++ 1 file changed, 77 insertions(+) create mode 100644 .azurepipelines/build-shared-ios-1ES.yml diff --git a/.azurepipelines/build-shared-ios-1ES.yml b/.azurepipelines/build-shared-ios-1ES.yml new file mode 100644 index 000000000..76abee82a --- /dev/null +++ b/.azurepipelines/build-shared-ios-1ES.yml @@ -0,0 +1,77 @@ +trigger: +- master +- develop +pr: +- master +- develop +resources: + repositories: + - repository: self + type: git + ref: refs/heads/develop + - repository: 1ESPipelineTemplates + type: git + name: 1ESPipelineTemplates/1ESPipelineTemplates + ref: refs/tags/release +name: $(Date:yyyyMMdd).$(Rev:r) +variables: +- name: EOCompliance-Mac + value: true +- name: XCODE_PATH + value: /Applications/Xcode_13.2.1.app/Contents/Developer +extends: + ${{ if eq(variables['Build.SourceBranch'], 'refs/heads/master') }}: + template: v1/1ES.Official.PipelineTemplate.yml@1ESPipelineTemplates + ${{ else }}: + template: v1/1ES.Unofficial.PipelineTemplate.yml@1ESPipelineTemplates + parameters: + pool: + name: Azure Pipelines + image: macos-latest + os: macOS + customBuildTags: + - ES365AIMigrationTooling-BulkMigrated + stages: + - stage: stage + jobs: + - job: sdkBuildJob + displayName: MacOs + cancelTimeoutInMinutes: 1 + templateContext: + outputs: + - output: pipelineArtifact + displayName: 'Publish Artifact: framework' + path: '$(Build.ArtifactStagingDirectory)' + artifactName: zip + steps: + - checkout: self + fetchTags: false + - task: Bash@3 + displayName: Install AppCenterReactNativeShared Pods + inputs: + filePath: AppCenterReactNativeShared/ios/post-clone.sh + workingDirectory: AppCenterReactNativeShared/ios + - task: Bash@3 + displayName: Select Xcode $(XCODE_PATH) + inputs: + targetType: inline + script: sudo xcode-select -s '$(XCODE_PATH)' + - task: Bash@3 + displayName: Build xc-framework + inputs: + targetType: inline + script: | + export SRCROOT=`pwd` + ./build-xcframework.sh + workingDirectory: AppCenterReactNativeShared/ios/ + - task: Bash@3 + displayName: Zip framework + inputs: + filePath: AppCenterReactNativeShared/zip-framework.sh + workingDirectory: AppCenterReactNativeShared + - task: CopyFiles@2 + displayName: Copy artifact + inputs: + SourceFolder: $(Build.SourcesDirectory)/AppCenterReactNativeShared/Products/ + Contents: AppCenter-SDK-ReactNative-iOS-Pod-*.zip + TargetFolder: $(Build.ArtifactStagingDirectory) \ No newline at end of file From 5eb4837b26b98c56a95af7b44a863ef10a9d0384 Mon Sep 17 00:00:00 2001 From: AnatolyPristensky Date: Thu, 7 Mar 2024 12:31:51 +0100 Subject: [PATCH 02/17] Add SDL pool --- .azurepipelines/build-shared-ios-1ES.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.azurepipelines/build-shared-ios-1ES.yml b/.azurepipelines/build-shared-ios-1ES.yml index 76abee82a..236c35442 100644 --- a/.azurepipelines/build-shared-ios-1ES.yml +++ b/.azurepipelines/build-shared-ios-1ES.yml @@ -31,6 +31,8 @@ extends: os: macOS customBuildTags: - ES365AIMigrationTooling-BulkMigrated + sdl: + sourceAnalysisPool: 1ES-PT-Windows-2022 stages: - stage: stage jobs: From 62f1c6771165362bb6276cfeccfce89f1c851f21 Mon Sep 17 00:00:00 2001 From: AnatolyPristensky Date: Thu, 7 Mar 2024 15:55:41 +0100 Subject: [PATCH 03/17] Create .gdnbaselines --- .gdn/.gdnbaselines | 81 ++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 81 insertions(+) create mode 100644 .gdn/.gdnbaselines diff --git a/.gdn/.gdnbaselines b/.gdn/.gdnbaselines new file mode 100644 index 000000000..4c3bbb9dd --- /dev/null +++ b/.gdn/.gdnbaselines @@ -0,0 +1,81 @@ +{ + "hydrated": false, + "properties": { + "helpUri": "https://eng.ms/docs/microsoft-security/security/azure-security/cloudai-security-fundamentals-engineering/security-integration/guardian-wiki/microsoft-guardian/general/baselines", + "hydrationStatus": "This file does not contain identifying data. It is safe to check into your repo. To hydrate this file with identifying data, run `guardian hydrate --help` and follow the guidance." + }, + "version": "1.0.0", + "baselines": { + "default": { + "name": "default", + "createdDate": "2024-03-07 11:48:31Z", + "lastUpdatedDate": "2024-03-07 11:48:31Z" + } + }, + "results": { + "87e030e4d09c54daa4f7467e24c11f7bf009cc3484630fbe660c46ac140c60e3": { + "signature": "87e030e4d09c54daa4f7467e24c11f7bf009cc3484630fbe660c46ac140c60e3", + "alternativeSignatures": [], + "memberOf": [ + "default" + ], + "createdDate": "2024-03-07 11:48:31Z" + }, + "d75452ccfbb7ec92065a28fbd998cfaca66865fb194c56b1dc274c9ff39a2072": { + "signature": "d75452ccfbb7ec92065a28fbd998cfaca66865fb194c56b1dc274c9ff39a2072", + "alternativeSignatures": [], + "memberOf": [ + "default" + ], + "createdDate": "2024-03-07 11:48:31Z" + }, + "cbb2e80be04f8d7d741804ba6a7ee9e7b326d5c61658b24c02c9764135a5aac3": { + "signature": "cbb2e80be04f8d7d741804ba6a7ee9e7b326d5c61658b24c02c9764135a5aac3", + "alternativeSignatures": [], + "memberOf": [ + "default" + ], + "createdDate": "2024-03-07 11:48:31Z" + }, + "ea72f4a7f1a755fa355c0a5c954482a10e8e65afa9548809f5a1d8cb54f4e2fc": { + "signature": "ea72f4a7f1a755fa355c0a5c954482a10e8e65afa9548809f5a1d8cb54f4e2fc", + "alternativeSignatures": [], + "memberOf": [ + "default" + ], + "createdDate": "2024-03-07 11:48:31Z" + }, + "795b9d951e3e7148077611b53558e23ba91dc3324dcadd49d389b3ee420fe653": { + "signature": "795b9d951e3e7148077611b53558e23ba91dc3324dcadd49d389b3ee420fe653", + "alternativeSignatures": [], + "memberOf": [ + "default" + ], + "createdDate": "2024-03-07 11:48:31Z" + }, + "84d6b4070d906335ee203c56e3194983b30f906302036b7bf58c2f5d15ba3a6a": { + "signature": "84d6b4070d906335ee203c56e3194983b30f906302036b7bf58c2f5d15ba3a6a", + "alternativeSignatures": [], + "memberOf": [ + "default" + ], + "createdDate": "2024-03-07 11:48:31Z" + }, + "4fec7af554ec6860254e4681b3512bdb4233cb21980990507548f5c63ba0c681": { + "signature": "4fec7af554ec6860254e4681b3512bdb4233cb21980990507548f5c63ba0c681", + "alternativeSignatures": [], + "memberOf": [ + "default" + ], + "createdDate": "2024-03-07 11:48:31Z" + }, + "8a33b1d7392ce1bbd783f101c03a0816205cef4d406c1bee78262df1467bef69": { + "signature": "8a33b1d7392ce1bbd783f101c03a0816205cef4d406c1bee78262df1467bef69", + "alternativeSignatures": [], + "memberOf": [ + "default" + ], + "createdDate": "2024-03-07 11:48:31Z" + } + } +} \ No newline at end of file From 40cf1763fa5358d05aac699789ff89ae5295bfa0 Mon Sep 17 00:00:00 2001 From: AnatolyPristensky Date: Fri, 8 Mar 2024 11:13:30 +0100 Subject: [PATCH 04/17] Create .eslintignore --- .eslintignore | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 .eslintignore diff --git a/.eslintignore b/.eslintignore new file mode 100644 index 000000000..141fc2465 --- /dev/null +++ b/.eslintignore @@ -0,0 +1,3 @@ +# ESLint ignore folders +TestApp/** +TestApp34/** \ No newline at end of file From 0e0e228ff3172c757e1c7eb2b5601f7c0fd778e8 Mon Sep 17 00:00:00 2001 From: AnatolyPristensky Date: Fri, 8 Mar 2024 11:24:25 +0100 Subject: [PATCH 05/17] Update Eslint parameters --- .azurepipelines/build-shared-ios-1ES.yml | 6 ++++++ .eslintignore | 3 --- 2 files changed, 6 insertions(+), 3 deletions(-) delete mode 100644 .eslintignore diff --git a/.azurepipelines/build-shared-ios-1ES.yml b/.azurepipelines/build-shared-ios-1ES.yml index 236c35442..5eab4791f 100644 --- a/.azurepipelines/build-shared-ios-1ES.yml +++ b/.azurepipelines/build-shared-ios-1ES.yml @@ -33,6 +33,12 @@ extends: - ES365AIMigrationTooling-BulkMigrated sdl: sourceAnalysisPool: 1ES-PT-Windows-2022 + eslint: + enableExclusions: true + exclusionPatterns: | + TestApp/ + TestApp34/ + DemoApp/ stages: - stage: stage jobs: diff --git a/.eslintignore b/.eslintignore deleted file mode 100644 index 141fc2465..000000000 --- a/.eslintignore +++ /dev/null @@ -1,3 +0,0 @@ -# ESLint ignore folders -TestApp/** -TestApp34/** \ No newline at end of file From 23c380f0ffc9709dc116cd4ca7ac47d2801e90ae Mon Sep 17 00:00:00 2001 From: AnatolyPristensky Date: Fri, 8 Mar 2024 11:24:52 +0100 Subject: [PATCH 06/17] Update Eslint --- .azurepipelines/build-shared-ios-1ES.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.azurepipelines/build-shared-ios-1ES.yml b/.azurepipelines/build-shared-ios-1ES.yml index 5eab4791f..b1f7c95d7 100644 --- a/.azurepipelines/build-shared-ios-1ES.yml +++ b/.azurepipelines/build-shared-ios-1ES.yml @@ -36,9 +36,9 @@ extends: eslint: enableExclusions: true exclusionPatterns: | - TestApp/ - TestApp34/ - DemoApp/ + TestApp/** + TestApp34/** + DemoApp/** stages: - stage: stage jobs: From bec8ef5720085f06593aa248753fa2914cf33975 Mon Sep 17 00:00:00 2001 From: AnatolyPristensky Date: Fri, 8 Mar 2024 11:30:40 +0100 Subject: [PATCH 07/17] Update build-shared-ios-1ES.yml --- .azurepipelines/build-shared-ios-1ES.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.azurepipelines/build-shared-ios-1ES.yml b/.azurepipelines/build-shared-ios-1ES.yml index b1f7c95d7..5eab4791f 100644 --- a/.azurepipelines/build-shared-ios-1ES.yml +++ b/.azurepipelines/build-shared-ios-1ES.yml @@ -36,9 +36,9 @@ extends: eslint: enableExclusions: true exclusionPatterns: | - TestApp/** - TestApp34/** - DemoApp/** + TestApp/ + TestApp34/ + DemoApp/ stages: - stage: stage jobs: From 2f0623c959b5b44b4908dbb6872e173e92369fb8 Mon Sep 17 00:00:00 2001 From: AnatolyPristensky Date: Fri, 8 Mar 2024 11:32:06 +0100 Subject: [PATCH 08/17] Formatting --- .azurepipelines/build-shared-ios-1ES.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.azurepipelines/build-shared-ios-1ES.yml b/.azurepipelines/build-shared-ios-1ES.yml index 5eab4791f..131303d86 100644 --- a/.azurepipelines/build-shared-ios-1ES.yml +++ b/.azurepipelines/build-shared-ios-1ES.yml @@ -36,9 +36,9 @@ extends: eslint: enableExclusions: true exclusionPatterns: | - TestApp/ - TestApp34/ - DemoApp/ + ../TestApp/* + ../TestApp34/* + ..DemoApp/* stages: - stage: stage jobs: From 8dd2c36fc2c5dfd176724676fa9b5caba375f491 Mon Sep 17 00:00:00 2001 From: AnatolyPristensky Date: Fri, 8 Mar 2024 11:38:01 +0100 Subject: [PATCH 09/17] Fix Eslint --- .azurepipelines/build-shared-ios-1ES.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.azurepipelines/build-shared-ios-1ES.yml b/.azurepipelines/build-shared-ios-1ES.yml index 131303d86..839427bf8 100644 --- a/.azurepipelines/build-shared-ios-1ES.yml +++ b/.azurepipelines/build-shared-ios-1ES.yml @@ -36,9 +36,9 @@ extends: eslint: enableExclusions: true exclusionPatterns: | - ../TestApp/* - ../TestApp34/* - ..DemoApp/* + TestApp/ + TestApp34/ + DemoApp/ stages: - stage: stage jobs: From 5f47b1c6f5cd5e341dbef769e83acd8f250de9e7 Mon Sep 17 00:00:00 2001 From: AnatolyPristensky Date: Fri, 8 Mar 2024 11:52:25 +0100 Subject: [PATCH 10/17] Add baseline --- .azurepipelines/build-shared-ios-1ES.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.azurepipelines/build-shared-ios-1ES.yml b/.azurepipelines/build-shared-ios-1ES.yml index 839427bf8..af0ad8baf 100644 --- a/.azurepipelines/build-shared-ios-1ES.yml +++ b/.azurepipelines/build-shared-ios-1ES.yml @@ -39,6 +39,9 @@ extends: TestApp/ TestApp34/ DemoApp/ + baseline: + baselineSet: default + baselineFile: $(Build.SourcesDirectory)/.gdn/.gdnbaselines stages: - stage: stage jobs: From 9200746cb55bc36dc20cdc90340824e00071919a Mon Sep 17 00:00:00 2001 From: AnatolyPristensky Date: Wed, 13 Mar 2024 12:12:25 +0100 Subject: [PATCH 11/17] Update Suppressions --- .azurepipelines/build-shared-ios-1ES.yml | 5 +- .config/CredScanSuppressions.json | 6 ++ .gdn/.gdnbaselines | 81 ------------------------ 3 files changed, 7 insertions(+), 85 deletions(-) create mode 100644 .config/CredScanSuppressions.json delete mode 100644 .gdn/.gdnbaselines diff --git a/.azurepipelines/build-shared-ios-1ES.yml b/.azurepipelines/build-shared-ios-1ES.yml index af0ad8baf..9e364995e 100644 --- a/.azurepipelines/build-shared-ios-1ES.yml +++ b/.azurepipelines/build-shared-ios-1ES.yml @@ -13,7 +13,7 @@ resources: type: git name: 1ESPipelineTemplates/1ESPipelineTemplates ref: refs/tags/release -name: $(Date:yyyyMMdd).$(Rev:r) +name: $(Build.SourceBranchName)_$(date:yyyyMMdd)$(rev:.r) variables: - name: EOCompliance-Mac value: true @@ -39,9 +39,6 @@ extends: TestApp/ TestApp34/ DemoApp/ - baseline: - baselineSet: default - baselineFile: $(Build.SourcesDirectory)/.gdn/.gdnbaselines stages: - stage: stage jobs: diff --git a/.config/CredScanSuppressions.json b/.config/CredScanSuppressions.json new file mode 100644 index 000000000..eb994e17d --- /dev/null +++ b/.config/CredScanSuppressions.json @@ -0,0 +1,6 @@ +{ + "tool": "Credential Scanner", + "suppressions": [ + ] +} + \ No newline at end of file diff --git a/.gdn/.gdnbaselines b/.gdn/.gdnbaselines deleted file mode 100644 index 4c3bbb9dd..000000000 --- a/.gdn/.gdnbaselines +++ /dev/null @@ -1,81 +0,0 @@ -{ - "hydrated": false, - "properties": { - "helpUri": "https://eng.ms/docs/microsoft-security/security/azure-security/cloudai-security-fundamentals-engineering/security-integration/guardian-wiki/microsoft-guardian/general/baselines", - "hydrationStatus": "This file does not contain identifying data. It is safe to check into your repo. To hydrate this file with identifying data, run `guardian hydrate --help` and follow the guidance." - }, - "version": "1.0.0", - "baselines": { - "default": { - "name": "default", - "createdDate": "2024-03-07 11:48:31Z", - "lastUpdatedDate": "2024-03-07 11:48:31Z" - } - }, - "results": { - "87e030e4d09c54daa4f7467e24c11f7bf009cc3484630fbe660c46ac140c60e3": { - "signature": "87e030e4d09c54daa4f7467e24c11f7bf009cc3484630fbe660c46ac140c60e3", - "alternativeSignatures": [], - "memberOf": [ - "default" - ], - "createdDate": "2024-03-07 11:48:31Z" - }, - "d75452ccfbb7ec92065a28fbd998cfaca66865fb194c56b1dc274c9ff39a2072": { - "signature": "d75452ccfbb7ec92065a28fbd998cfaca66865fb194c56b1dc274c9ff39a2072", - "alternativeSignatures": [], - "memberOf": [ - "default" - ], - "createdDate": "2024-03-07 11:48:31Z" - }, - "cbb2e80be04f8d7d741804ba6a7ee9e7b326d5c61658b24c02c9764135a5aac3": { - "signature": "cbb2e80be04f8d7d741804ba6a7ee9e7b326d5c61658b24c02c9764135a5aac3", - "alternativeSignatures": [], - "memberOf": [ - "default" - ], - "createdDate": "2024-03-07 11:48:31Z" - }, - "ea72f4a7f1a755fa355c0a5c954482a10e8e65afa9548809f5a1d8cb54f4e2fc": { - "signature": "ea72f4a7f1a755fa355c0a5c954482a10e8e65afa9548809f5a1d8cb54f4e2fc", - "alternativeSignatures": [], - "memberOf": [ - "default" - ], - "createdDate": "2024-03-07 11:48:31Z" - }, - "795b9d951e3e7148077611b53558e23ba91dc3324dcadd49d389b3ee420fe653": { - "signature": "795b9d951e3e7148077611b53558e23ba91dc3324dcadd49d389b3ee420fe653", - "alternativeSignatures": [], - "memberOf": [ - "default" - ], - "createdDate": "2024-03-07 11:48:31Z" - }, - "84d6b4070d906335ee203c56e3194983b30f906302036b7bf58c2f5d15ba3a6a": { - "signature": "84d6b4070d906335ee203c56e3194983b30f906302036b7bf58c2f5d15ba3a6a", - "alternativeSignatures": [], - "memberOf": [ - "default" - ], - "createdDate": "2024-03-07 11:48:31Z" - }, - "4fec7af554ec6860254e4681b3512bdb4233cb21980990507548f5c63ba0c681": { - "signature": "4fec7af554ec6860254e4681b3512bdb4233cb21980990507548f5c63ba0c681", - "alternativeSignatures": [], - "memberOf": [ - "default" - ], - "createdDate": "2024-03-07 11:48:31Z" - }, - "8a33b1d7392ce1bbd783f101c03a0816205cef4d406c1bee78262df1467bef69": { - "signature": "8a33b1d7392ce1bbd783f101c03a0816205cef4d406c1bee78262df1467bef69", - "alternativeSignatures": [], - "memberOf": [ - "default" - ], - "createdDate": "2024-03-07 11:48:31Z" - } - } -} \ No newline at end of file From 0ba646b001f00e6711633fd6ae70bcdb90968e31 Mon Sep 17 00:00:00 2001 From: AnatolyPristensky Date: Wed, 13 Mar 2024 14:26:37 +0100 Subject: [PATCH 12/17] Add files to suppression list --- .config/CredScanSuppressions.json | 18 +++++++++++++++++- 1 file changed, 17 insertions(+), 1 deletion(-) diff --git a/.config/CredScanSuppressions.json b/.config/CredScanSuppressions.json index eb994e17d..56a92306e 100644 --- a/.config/CredScanSuppressions.json +++ b/.config/CredScanSuppressions.json @@ -1,6 +1,22 @@ { "tool": "Credential Scanner", - "suppressions": [ + "suppressions": [ + { + "file": "/DemoApp/android/keystores/debug.keystore.properties", + "_justification": "CSCAN-GENERAL0060 used only in DemoApp" + }, + { + "file": "/TestApp/android/keystores/debug.keystore.properties", + "_justification": "CSCAN-GENERAL0060 used only in DemoApp" + }, + { + "file": "/TestApp34/android/keystores/debug.keystore.properties", + "_justification": "CSCAN-GENERAL0060 used only in DemoApp" + }, + { + "file": "/TestAppTypescript/android/keystores/debug.keystore.properties", + "_justification": "CSCAN-GENERAL0060 used only in DemoApp" + } ] } \ No newline at end of file From 44a9ea7637f852d6ec661f5b31595cc315a783d1 Mon Sep 17 00:00:00 2001 From: AnatolyPristensky Date: Wed, 13 Mar 2024 14:35:03 +0100 Subject: [PATCH 13/17] Add credscansuppressions file --- .azurepipelines/build-shared-ios-1ES.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.azurepipelines/build-shared-ios-1ES.yml b/.azurepipelines/build-shared-ios-1ES.yml index 9e364995e..9273e8e84 100644 --- a/.azurepipelines/build-shared-ios-1ES.yml +++ b/.azurepipelines/build-shared-ios-1ES.yml @@ -39,6 +39,8 @@ extends: TestApp/ TestApp34/ DemoApp/ + credscan: + suppressionsFile: $(Build.SourcesDirectory)/.config/CredScanSuppressions.json stages: - stage: stage jobs: From 8f2b84ec42c2c8ad07a02f0e65ddbb304e1e64eb Mon Sep 17 00:00:00 2001 From: AnatolyPristensky Date: Wed, 13 Mar 2024 14:35:57 +0100 Subject: [PATCH 14/17] Correct formatting --- .azurepipelines/build-shared-ios-1ES.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.azurepipelines/build-shared-ios-1ES.yml b/.azurepipelines/build-shared-ios-1ES.yml index 9273e8e84..f784dacfe 100644 --- a/.azurepipelines/build-shared-ios-1ES.yml +++ b/.azurepipelines/build-shared-ios-1ES.yml @@ -40,7 +40,7 @@ extends: TestApp34/ DemoApp/ credscan: - suppressionsFile: $(Build.SourcesDirectory)/.config/CredScanSuppressions.json + suppressionsFile: $(Build.SourcesDirectory)/.config/CredScanSuppressions.json stages: - stage: stage jobs: From 9bb132868f35ee2460c150479b97861d2c6c2db9 Mon Sep 17 00:00:00 2001 From: Dmitriy Kirakosyan Date: Mon, 18 Mar 2024 15:01:28 +0700 Subject: [PATCH 15/17] Add APIScan --- .azurepipelines/build-shared-ios-1ES.yml | 35 +++++++++++++++++++++++- 1 file changed, 34 insertions(+), 1 deletion(-) diff --git a/.azurepipelines/build-shared-ios-1ES.yml b/.azurepipelines/build-shared-ios-1ES.yml index f784dacfe..0ddc62353 100644 --- a/.azurepipelines/build-shared-ios-1ES.yml +++ b/.azurepipelines/build-shared-ios-1ES.yml @@ -84,4 +84,37 @@ extends: inputs: SourceFolder: $(Build.SourcesDirectory)/AppCenterReactNativeShared/Products/ Contents: AppCenter-SDK-ReactNative-iOS-Pod-*.zip - TargetFolder: $(Build.ArtifactStagingDirectory) \ No newline at end of file + TargetFolder: $(Build.ArtifactStagingDirectory) + + - stage: APIScan + dependsOn: Stage + pool: + name: 1ES-PT-Windows-2022 + os: windows + variables: + "agent.source.skip": true + jobs: + - job: APIScan + steps: + - task: DownloadPipelineArtifact@2 + displayName: Download Build Artifacts for APIScan + inputs: + artifactName: zip + targetPath: '$(Agent.BuildDirectory)/zip' + - task: AzureKeyVault@2 + inputs: + azureSubscription: 'AC - Dev Infra & Build Pool' + KeyVaultName: 'mobile-center-sdk' + SecretsFilter: 'appcenter-sdk-managed-identity-clientid' + RunAsPreJob: false + - task: APIScan@2 + displayName: 'Run APIScan' + inputs: + softwareFolder: '$(Agent.BuildDirectory)\zip' + softwareName: 'appcenter-sdk-react-native' + softwareVersionNum: Latest + isLargeApp: false + verbosityLevel: verbose + condition: and(succeeded(), ne(variables['DisableAPIScan'], 'true')) + env: + AzureServicesAuthConnectionString: 'runAs=App;AppId=$(appcenter-sdk-managed-identity-clientid)' \ No newline at end of file From 2dc84af4ec5f16253c712da3216cf0916cef10c8 Mon Sep 17 00:00:00 2001 From: Dmitriy Kirakosyan Date: Thu, 21 Mar 2024 15:43:09 +0700 Subject: [PATCH 16/17] Use proper versions in apiscan task --- .azurepipelines/build-shared-ios-1ES.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.azurepipelines/build-shared-ios-1ES.yml b/.azurepipelines/build-shared-ios-1ES.yml index 0ddc62353..06c18548d 100644 --- a/.azurepipelines/build-shared-ios-1ES.yml +++ b/.azurepipelines/build-shared-ios-1ES.yml @@ -112,8 +112,9 @@ extends: inputs: softwareFolder: '$(Agent.BuildDirectory)\zip' softwareName: 'appcenter-sdk-react-native' - softwareVersionNum: Latest + softwareVersionNum: '$(Build.BuildId)' isLargeApp: false + toolVersion: 'Latest' verbosityLevel: verbose condition: and(succeeded(), ne(variables['DisableAPIScan'], 'true')) env: From fc07b9ff7dd7fe8051a6311ae5e446f6718e056c Mon Sep 17 00:00:00 2001 From: Dmitriy Kirakosyan Date: Thu, 21 Mar 2024 17:15:21 +0700 Subject: [PATCH 17/17] Remove CodeQL workflow --- .github/workflows/codeql.yml | 47 ------------------------------------ 1 file changed, 47 deletions(-) delete mode 100644 .github/workflows/codeql.yml diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml deleted file mode 100644 index 779addc3b..000000000 --- a/.github/workflows/codeql.yml +++ /dev/null @@ -1,47 +0,0 @@ -name: "Code Scanning - Action" - -on: - push: - pull_request: - schedule: - - cron: '0 0 * * 0' - -jobs: - CodeQL-Build: - - strategy: - fail-fast: false - - - # CodeQL runs on ubuntu-latest, windows-latest, and macos-latest - runs-on: ubuntu-latest - - steps: - - name: Checkout repository - uses: actions/checkout@v2 - - # Initializes the CodeQL tools for scanning. - - name: Initialize CodeQL - uses: github/codeql-action/init@v1 - # Override language selection by uncommenting this and choosing your languages - with: - languages: javascript - - # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). - # If this step fails, then you should remove it and run the build manually (see below). - - name: Autobuild - uses: github/codeql-action/autobuild@v1 - - # ℹī¸ Command-line programs to run using the OS shell. - # 📚 https://git.io/JvXDl - - # ✏ī¸ If the Autobuild fails above, remove it and uncomment the following three lines - # and modify them (or add more) to build your code if your project - # uses a compiled language - - #- run: | - # make bootstrap - # make release - - - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v1