From 6a106abb406a813e2afae4ec3e84f398284eb988 Mon Sep 17 00:00:00 2001 From: James Truher Date: Tue, 11 Jan 2022 13:41:10 -0800 Subject: [PATCH 1/7] Add SBOM creation to PSSA build. --- .ci/releaseBuild.yml | 9 ++++++++- build.ps1 | 6 ++++++ build.psm1 | 28 ++++++++++++++++++++++++++++ 3 files changed, 42 insertions(+), 1 deletion(-) diff --git a/.ci/releaseBuild.yml b/.ci/releaseBuild.yml index 4b6b5bf73..02256d158 100644 --- a/.ci/releaseBuild.yml +++ b/.ci/releaseBuild.yml @@ -136,11 +136,18 @@ stages: **/Pluralize*.dll **/Newtonsoft*.dll + # Create the manifest for the module + - template: Sbom.yml@ComplianceRepo + parameters: + BuildDropPath: $(signOutPath) + Build_Repository_Uri: 'https://github.com/powershell/crescendo' + displayName: create manifest + # now create the nupkg which we will use to publish the module # to the powershell gallery (not part of this yaml) - pwsh: | Set-Location "$(Build.SourcesDirectory)/OSS_Microsoft_PSSA" - ./build -BuildNupkg -signed + ./build -BuildNupkg -CopyManifest -signed displayName: Create nupkg for publishing # finally publish the parts of the build which will be used in the next stages diff --git a/build.ps1 b/build.ps1 index 4f537214a..a0e27e798 100644 --- a/build.ps1 +++ b/build.ps1 @@ -42,6 +42,9 @@ param( [Parameter(ParameterSetName='Package')] [switch] $BuildNupkg, + [Parameter(ParameterSetName='Package')] + [switch] $CopyManifest, + [Parameter(ParameterSetName='Package')] [switch] $Signed @@ -92,6 +95,9 @@ END { return } "Package" { + if($CopyManifest) { + Copy-Manifest -signed:$Signed + } Start-CreatePackage -signed:$Signed } "Test" { diff --git a/build.psm1 b/build.psm1 index 8bc052f9e..a0c321483 100644 --- a/build.psm1 +++ b/build.psm1 @@ -767,6 +767,34 @@ function Copy-CrossCompatibilityModule } } +# copy the manifest into the module if is present +function Copy-Manifest +{ + param ( [switch]$signed ) + try { + if ( $signed ) { + $buildRoot = "signed" + } + else { + $buildRoot = "out" + } + $analyzerVersion = Get-AnalyzerVersion + # location where analyzer goes + $baseDir = [io.path]::Combine($projectRoot,${buildRoot},"${analyzerName}", $analyzerVersion) + Push-Location -Path $baseDir + # debugging + (Get-ChildItem -File -Recurse)|ForEach-Object {Write-Verbose -Verbose -Message $_} + # copy the manifest files + if ( Test-Path _manifest ) { + Copy-Item -Path _manifest -Destination $baseDir -Verbose + } + } + finally { + Pop-Location + Unregister-PSRepository -Name $repoName + } +} + # creates the nuget package which can be used for publishing to the gallery function Start-CreatePackage { From 8dc2300bbefa1cba09e55992725c0cc615a809d8 Mon Sep 17 00:00:00 2001 From: James Truher Date: Tue, 11 Jan 2022 13:45:53 -0800 Subject: [PATCH 2/7] remove extraneous displayname --- .ci/releaseBuild.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.ci/releaseBuild.yml b/.ci/releaseBuild.yml index 02256d158..ba56e7863 100644 --- a/.ci/releaseBuild.yml +++ b/.ci/releaseBuild.yml @@ -141,7 +141,6 @@ stages: parameters: BuildDropPath: $(signOutPath) Build_Repository_Uri: 'https://github.com/powershell/crescendo' - displayName: create manifest # now create the nupkg which we will use to publish the module # to the powershell gallery (not part of this yaml) From a50177a2b7f7d2a728817ed6e7d837e1f00400ba Mon Sep 17 00:00:00 2001 From: James Truher Date: Tue, 11 Jan 2022 16:11:36 -0800 Subject: [PATCH 3/7] change logic for copying manifest. fix build repository URL. --- .ci/releaseBuild.yml | 2 +- build.psm1 | 33 +++++++++++++-------------------- 2 files changed, 14 insertions(+), 21 deletions(-) diff --git a/.ci/releaseBuild.yml b/.ci/releaseBuild.yml index ba56e7863..8dc6b8f2d 100644 --- a/.ci/releaseBuild.yml +++ b/.ci/releaseBuild.yml @@ -140,7 +140,7 @@ stages: - template: Sbom.yml@ComplianceRepo parameters: BuildDropPath: $(signOutPath) - Build_Repository_Uri: 'https://github.com/powershell/crescendo' + Build_Repository_Uri: 'https://github.com/powershell/PSScriptAnalyzer' # now create the nupkg which we will use to publish the module # to the powershell gallery (not part of this yaml) diff --git a/build.psm1 b/build.psm1 index a0c321483..9d842f89e 100644 --- a/build.psm1 +++ b/build.psm1 @@ -771,27 +771,20 @@ function Copy-CrossCompatibilityModule function Copy-Manifest { param ( [switch]$signed ) - try { - if ( $signed ) { - $buildRoot = "signed" - } - else { - $buildRoot = "out" - } - $analyzerVersion = Get-AnalyzerVersion - # location where analyzer goes - $baseDir = [io.path]::Combine($projectRoot,${buildRoot},"${analyzerName}", $analyzerVersion) - Push-Location -Path $baseDir - # debugging - (Get-ChildItem -File -Recurse)|ForEach-Object {Write-Verbose -Verbose -Message $_} - # copy the manifest files - if ( Test-Path _manifest ) { - Copy-Item -Path _manifest -Destination $baseDir -Verbose - } + if ( $signed ) { + $buildRoot = "signed" } - finally { - Pop-Location - Unregister-PSRepository -Name $repoName + else { + $buildRoot = "out" + } + $analyzerVersion = Get-AnalyzerVersion + # location where analyzer goes + # debugging + (Get-ChildItem -File -Recurse)|ForEach-Object {Write-Verbose -Verbose -Message $_} + $baseDir = [io.path]::Combine($projectRoot,${buildRoot},"${analyzerName}", $analyzerVersion) + # copy the manifest files + if ( Test-Path _manifest ) { + Copy-Item -Path _manifest -Destination $baseDir -Verbose } } From 4029a8ca6b778862565e359190007b80e533a0d0 Mon Sep 17 00:00:00 2001 From: James Truher Date: Tue, 11 Jan 2022 16:32:24 -0800 Subject: [PATCH 4/7] improve debugging output --- build.psm1 | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/build.psm1 b/build.psm1 index 9d842f89e..c0b1bcaa8 100644 --- a/build.psm1 +++ b/build.psm1 @@ -781,10 +781,13 @@ function Copy-Manifest # location where analyzer goes # debugging (Get-ChildItem -File -Recurse)|ForEach-Object {Write-Verbose -Verbose -Message $_} - $baseDir = [io.path]::Combine($projectRoot,${buildRoot},"${analyzerName}", $analyzerVersion) + $modBaseDir = [io.path]::Combine($projectRoot,${buildRoot},"${analyzerName}", $analyzerVersion) # copy the manifest files if ( Test-Path _manifest ) { - Copy-Item -Path _manifest -Destination $baseDir -Verbose + Copy-Item -Path _manifest -Destination $modBaseDir -Verbose + } + else { + Write-Warning -Message "_manifest not found in $PWD" } } @@ -804,6 +807,7 @@ function Start-CreatePackage $nupkgDir = Join-Path $PSScriptRoot $buildRoot $null = Register-PSRepository -Name $repoName -InstallationPolicy Trusted -SourceLocation $nupkgDir Push-Location $nupkgDir + Publish-Module -Path $PWD/PSScriptAnalyzer -Repository $repoName } finally { From 4bc349accc6240911815dde82659285333c1cf08 Mon Sep 17 00:00:00 2001 From: James Truher Date: Tue, 11 Jan 2022 16:46:50 -0800 Subject: [PATCH 5/7] move to buildRoot before looking for _manifest --- build.psm1 | 2 ++ 1 file changed, 2 insertions(+) diff --git a/build.psm1 b/build.psm1 index c0b1bcaa8..0bbf89730 100644 --- a/build.psm1 +++ b/build.psm1 @@ -783,12 +783,14 @@ function Copy-Manifest (Get-ChildItem -File -Recurse)|ForEach-Object {Write-Verbose -Verbose -Message $_} $modBaseDir = [io.path]::Combine($projectRoot,${buildRoot},"${analyzerName}", $analyzerVersion) # copy the manifest files + Push-Location $buildRoot if ( Test-Path _manifest ) { Copy-Item -Path _manifest -Destination $modBaseDir -Verbose } else { Write-Warning -Message "_manifest not found in $PWD" } + Pop-Location } # creates the nuget package which can be used for publishing to the gallery From 66814bc2e09701e422f44f4812d60806ec0075f5 Mon Sep 17 00:00:00 2001 From: James Truher Date: Tue, 11 Jan 2022 23:52:41 -0800 Subject: [PATCH 6/7] copy manifest recursively. --- build.psm1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/build.psm1 b/build.psm1 index 0bbf89730..2f52a6edb 100644 --- a/build.psm1 +++ b/build.psm1 @@ -785,7 +785,7 @@ function Copy-Manifest # copy the manifest files Push-Location $buildRoot if ( Test-Path _manifest ) { - Copy-Item -Path _manifest -Destination $modBaseDir -Verbose + Copy-Item -Recurse -Path _manifest -Destination $modBaseDir -Verbose } else { Write-Warning -Message "_manifest not found in $PWD" From ff3f971abb9b4a6aa103cd01118c947999725e05 Mon Sep 17 00:00:00 2001 From: James Truher Date: Tue, 18 Jan 2022 14:57:33 -0800 Subject: [PATCH 7/7] remove MacOS Mojave from test matrix. image removed from Azure devops in December 2021 --- .azure-pipelines-ci/ci.yaml | 2 -- 1 file changed, 2 deletions(-) diff --git a/.azure-pipelines-ci/ci.yaml b/.azure-pipelines-ci/ci.yaml index 0a2588483..6707fffb9 100644 --- a/.azure-pipelines-ci/ci.yaml +++ b/.azure-pipelines-ci/ci.yaml @@ -26,8 +26,6 @@ stages: vmImage: ubuntu-18.04 Ubuntu_20_04: vmImage: ubuntu-20.04 - macOS_10_14_Mojave: - vmImage: macOS-10.14 macOS_10_15_Catalina: vmImage: macOS-10.15 Windows_Server2016_PowerShell_Core: