Path: blob/main/build/azure-pipelines/win32/sdl-scan-win32.yml
# SDL scan steps for Windows builds.
# Flow: check out sources, install dependencies, compile, download symbols,
# then run APIScan over $(Agent.BuildDirectory)\scanbin and publish the
# analysis logs and TSA results.
parameters:
  - name: VSCODE_ARCH
    type: string
  - name: VSCODE_QUALITY
    type: string

steps:
  - template: ../common/checkout.yml@self

  # Node version is read from .nvmrc, so the scan builds with the version
  # the repository declares rather than one fixed in this file.
  - task: NodeTool@0
    inputs:
      versionSource: fromFile
      versionFilePath: .nvmrc

  - task: UsePythonVersion@0
    inputs:
      versionSpec: "3.x"
      addToPath: true

  - template: ../distro/download-distro.yml@self

  # SecretsFilter limits the fetch to the single secret this job uses; it is
  # later exposed to individual steps as GITHUB_TOKEN.
  - task: AzureKeyVault@2
    displayName: "Azure Key Vault: Get Secrets"
    inputs:
      azureSubscription: vscode
      KeyVaultName: vscode-build-secrets
      SecretsFilter: "github-distro-mixin-password"

  # The three registry steps below run only when NPM_REGISTRY is not 'none'.
  - powershell: node build/setup-npm-registry.ts $env:NPM_REGISTRY
    condition: and(succeeded(), ne(variables['NPM_REGISTRY'], 'none'))
    displayName: Setup NPM Registry

  # Writes the registry into the user-level npmrc and publishes that file's
  # path as the NPMRC_PATH pipeline variable for the authentication task.
  - powershell: |
      . build/azure-pipelines/win32/exec.ps1
      $ErrorActionPreference = "Stop"
      # Set the private NPM registry to the global npmrc file
      # so that authentication works for subfolders like build/, remote/, extensions/ etc
      # which does not have their own .npmrc file
      exec { npm config set registry "$env:NPM_REGISTRY" }
      $NpmrcPath = (npm config get userconfig)
      echo "##vso[task.setvariable variable=NPMRC_PATH]$NpmrcPath"
    condition: and(succeeded(), ne(variables['NPM_REGISTRY'], 'none'))
    displayName: Setup NPM

  - task: npmAuthenticate@0
    displayName: Setup NPM Authentication
    condition: and(succeeded(), ne(variables['NPM_REGISTRY'], 'none'))
    inputs:
      workingFile: $(NPMRC_PATH)

  # Writes ~/.gyp/include.gypi with MSVC options /Zi and /FS (compiler) and
  # /profile (linker) for Windows targets.
  # NOTE(review): presumably so native modules built by node-gyp during
  # `npm ci` emit the PDBs the scan consumes - confirm.
  - pwsh: |
      $includes = @'
      {
        'target_defaults': {
          'conditions': [
            ['OS=="win"', {
              'msvs_settings': {
                'VCCLCompilerTool': {
                  'AdditionalOptions': [
                    '/Zi',
                    '/FS'
                  ],
                },
                'VCLinkerTool': {
                  'AdditionalOptions': [
                    '/profile'
                  ]
                }
              }
            }]
          ]
        }
      }
      '@

      if (!(Test-Path "~/.gyp")) {
        mkdir "~/.gyp"
      }
      echo $includes > "~/.gyp/include.gypi"
    displayName: Create include.gypi

  # GITHUB_TOKEN is placed in this step's environment, so every process that
  # `npm ci` starts, including dependency install scripts, inherits it.
  # NOTE(review): keep the token's scope as narrow as the distro mixin
  # allows, and treat a change to the lockfile as a change to what can read it.
  - powershell: |
      . build/azure-pipelines/win32/exec.ps1
      $ErrorActionPreference = "Stop"
      exec { npm ci }
    env:
      npm_config_arch: ${{ parameters.VSCODE_ARCH }}
      npm_config_foreground_scripts: "true"
      ELECTRON_SKIP_BINARY_DOWNLOAD: 1
      PLAYWRIGHT_SKIP_BROWSER_DOWNLOAD: 1
      GITHUB_TOKEN: "$(github-distro-mixin-password)"
    retryCountOnTaskFailure: 5
    displayName: Install dependencies

  - script: node build/azure-pipelines/distro/mixin-npm.ts
    displayName: Mixin distro node modules

  - script: node build/azure-pipelines/distro/mixin-quality.ts
    displayName: Mixin distro quality
    env:
      VSCODE_QUALITY: ${{ parameters.VSCODE_QUALITY }}

  - powershell: npm run compile
    displayName: Compile

  # The gulp task receives the same token as the dependency install step.
  - powershell: npm run gulp "vscode-symbols-win32-${{ parameters.VSCODE_ARCH }}"
    env:
      GITHUB_TOKEN: "$(github-distro-mixin-password)"
    displayName: Download Symbols

  # Diagnostic listing of the binaries and symbol files under scanbin; the
  # output lands in the job log, which makes it possible to check afterwards
  # what the scan was given.
  - powershell: |
      Get-ChildItem '$(Agent.BuildDirectory)\scanbin' -Recurse -Filter "*.exe"
      Get-ChildItem '$(Agent.BuildDirectory)\scanbin' -Recurse -Filter "*.dll"
      Get-ChildItem '$(Agent.BuildDirectory)\scanbin' -Recurse -Filter "*.node"
      Get-ChildItem '$(Agent.BuildDirectory)\scanbin' -Recurse -Filter "*.pdb"
    displayName: List files

  - task: PublishSymbols@2
    displayName: 'Publish Symbols to Artifacts'
    inputs:
      SymbolsFolder: '$(Agent.BuildDirectory)\scanbin'
      SearchPattern: '**/*.pdb'
      IndexSources: false
      PublishSymbols: true
      SymbolServerType: 'TeamServices'
      SymbolsProduct: 'vscode-client'

  # Flattens every PDB under scanbin into one folder, which APIScan reads as
  # the local part of its symbol path.
  - task: CopyFiles@2
    displayName: 'Collect Symbols for API Scan'
    inputs:
      SourceFolder: $(Agent.BuildDirectory)
      Contents: 'scanbin\**\*.pdb'
      TargetFolder: '$(Agent.BuildDirectory)\symbols'
      flattenFolders: true
    condition: succeeded()

  # The connection string carries identifiers only (AppId, TenantId,
  # ServiceConnectionId); no secret value appears in it. The job access token
  # is mapped in explicitly through SYSTEM_ACCESSTOKEN.
  # NOTE(review): toolVersion 'Latest' is not pinned, so findings can change
  # between runs without any change to the scanned binaries.
  - task: APIScan@2
    displayName: Run ApiScan
    condition: succeeded()
    inputs:
      softwareFolder: $(Agent.BuildDirectory)\scanbin
      softwareName: 'vscode-client'
      softwareVersionNum: '1'
      symbolsFolder: 'srv*https://symweb.azurefd.net;$(Agent.BuildDirectory)\symbols'
      isLargeApp: false
      toolVersion: 'Latest'
      azureSubscription: 'vscode-apiscan'
    env:
      AzureServicesAuthConnectionString: RunAs=App;AppId=c0940da5-8bd3-4dd3-8af1-40774b50edbd;TenantId=72f988bf-86f1-41af-91ab-2d7cd011db47;ServiceConnectionId=3e55d992-b60d-414d-9071-e4fad359c748;
      SYSTEM_ACCESSTOKEN: $(System.AccessToken)

  - task: PublishSecurityAnalysisLogs@3
    inputs:
      ArtifactName: CodeAnalysisLogs
      ArtifactType: Container
      PublishProcessedResults: false
      AllTools: true

  # TSA Upload
  # continueOnError means a failed upload does not fail the job.
  # NOTE(review): a run can therefore finish without its findings reaching
  # TSA; watch for this step's failures separately.
  - task: securedevelopmentteam.vss-secure-development-tools.build-task-uploadtotsa.TSAUpload@2
    displayName: TSA Upload
    continueOnError: true
    inputs:
      GdnPublishTsaOnboard: true
      GdnPublishTsaConfigFile: '$(Build.SourcesDirectory)/build/azure-pipelines/config/tsaoptions.json'