Book a Demo!
CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutPoliciesSign UpSign In
microsoft
GitHub Repository: microsoft/vscode
 Path: blob/main/build/azure-pipelines/win32/sdl-scan-win32.yml
3520 views
1
parameters:

2
  - name: VSCODE_ARCH

3
    type: string

4
  - name: VSCODE_QUALITY

5
    type: string

6


7
steps:

8
  - template: ../common/checkout.yml@self

9


10
  - task: NodeTool@0

11
    inputs:

12
      versionSource: fromFile

13
      versionFilePath: .nvmrc

14


15
  - task: UsePythonVersion@0

16
    inputs:

17
      versionSpec: "3.x"

18
      addToPath: true

19


20
  - template: ../distro/download-distro.yml@self

21


22
  - task: AzureKeyVault@2

23
    displayName: "Azure Key Vault: Get Secrets"

24
    inputs:

25
      azureSubscription: vscode

26
      KeyVaultName: vscode-build-secrets

27
      SecretsFilter: "github-distro-mixin-password"

28


29
  - powershell: node build/setup-npm-registry.js $env:NPM_REGISTRY

30
    condition: and(succeeded(), ne(variables['NPM_REGISTRY'], 'none'))

31
    displayName: Setup NPM Registry

32


33
  - powershell: |

34
      . build/azure-pipelines/win32/exec.ps1

35
      $ErrorActionPreference = "Stop"

36
      # Set the private NPM registry to the global npmrc file

37
      # so that authentication works for subfolders like build/, remote/, extensions/ etc

38
      # which does not have their own .npmrc file

39
      exec { npm config set registry "$env:NPM_REGISTRY" }

40
      $NpmrcPath = (npm config get userconfig)

41
      echo "##vso[task.setvariable variable=NPMRC_PATH]$NpmrcPath"

42
    condition: and(succeeded(), ne(variables['NPM_REGISTRY'], 'none'))

43
    displayName: Setup NPM

44


45
  - task: npmAuthenticate@0

46
    inputs:

47
      workingFile: $(NPMRC_PATH)

48
    condition: and(succeeded(), ne(variables['NPM_REGISTRY'], 'none'))

49
    displayName: Setup NPM Authentication

50


51
  - pwsh: |

52
      $includes = @'

53
        {

54
          'target_defaults': {

55
            'conditions': [

56
              ['OS=="win"', {

57
                'msvs_settings': {

58
                  'VCCLCompilerTool': {

59
                    'AdditionalOptions': [

60
                      '/Zi',

61
                      '/FS'

62
                    ],

63
                  },

64
                  'VCLinkerTool': {

65
                    'AdditionalOptions': [

66
                      '/profile'

67
                    ]

68
                  }

69
                }

70
              }]

71
            ]

72
          }

73
        }

74
      '@

75


76
      if (!(Test-Path "~/.gyp")) {

77
        mkdir "~/.gyp"

78
      }

79
      echo $includes > "~/.gyp/include.gypi"

80
    displayName: Create include.gypi

81


82
  - powershell: |

83
      . build/azure-pipelines/win32/exec.ps1

84
      $ErrorActionPreference = "Stop"

85
      exec { npm ci }

86
    env:

87
      npm_config_arch: ${{ parameters.VSCODE_ARCH }}

88
      npm_config_foreground_scripts: "true"

89
      ELECTRON_SKIP_BINARY_DOWNLOAD: 1

90
      PLAYWRIGHT_SKIP_BROWSER_DOWNLOAD: 1

91
      GITHUB_TOKEN: "$(github-distro-mixin-password)"

92
    retryCountOnTaskFailure: 5

93
    displayName: Install dependencies

94


95
  - script: node build/azure-pipelines/distro/mixin-npm

96
    displayName: Mixin distro node modules

97


98
  - script: node build/azure-pipelines/distro/mixin-quality

99
    displayName: Mixin distro quality

100
    env:

101
      VSCODE_QUALITY: ${{ parameters.VSCODE_QUALITY }}

102


103
  - powershell: npm run compile

104
    displayName: Compile

105


106
  - powershell: npm run gulp "vscode-symbols-win32-${{ parameters.VSCODE_ARCH }}"

107
    env:

108
      GITHUB_TOKEN: "$(github-distro-mixin-password)"

109
    displayName: Download Symbols

110


111
  - powershell: |

112
      Get-ChildItem '$(Agent.BuildDirectory)\scanbin' -Recurse -Filter "*.exe"

113
      Get-ChildItem '$(Agent.BuildDirectory)\scanbin' -Recurse -Filter "*.dll"

114
      Get-ChildItem '$(Agent.BuildDirectory)\scanbin' -Recurse -Filter "*.node"

115
      Get-ChildItem '$(Agent.BuildDirectory)\scanbin' -Recurse -Filter "*.pdb"

116
    displayName: List files

117


118
  - task: CopyFiles@2

119
    displayName: 'Collect Symbols for API Scan'

120
    inputs:

121
      SourceFolder: $(Agent.BuildDirectory)

122
      Contents: 'scanbin\**\*.pdb'

123
      TargetFolder: '$(Agent.BuildDirectory)\symbols'

124
      flattenFolders: true

125
    condition: succeeded()

126


127
  - task: APIScan@2

128
    inputs:

129
      softwareFolder: $(Agent.BuildDirectory)\scanbin

130
      softwareName: 'vscode-client'

131
      softwareVersionNum: '1'

132
      symbolsFolder: 'srv*https://symweb.azurefd.net;$(Agent.BuildDirectory)\symbols'

133
      isLargeApp: false

134
      toolVersion: 'Latest'

135
      azureSubscription: 'vscode-apiscan'

136
    displayName: Run ApiScan

137
    condition: succeeded()

138
    env:

139
      AzureServicesAuthConnectionString: RunAs=App;AppId=c0940da5-8bd3-4dd3-8af1-40774b50edbd;TenantId=72f988bf-86f1-41af-91ab-2d7cd011db47;ServiceConnectionId=3e55d992-b60d-414d-9071-e4fad359c748;

140
      SYSTEM_ACCESSTOKEN: $(System.AccessToken)

141


142
  - task: PublishSecurityAnalysisLogs@3

143
    inputs:

144
      ArtifactName: CodeAnalysisLogs

145
      ArtifactType: Container

146
      PublishProcessedResults: false

147
      AllTools: true

148


149
  # TSA Upload

150
  - task: securedevelopmentteam.vss-secure-development-tools.build-task-uploadtotsa.TSAUpload@2

151
    displayName: TSA Upload

152
    continueOnError: true

153
    inputs:

154
      GdnPublishTsaOnboard: true

155
      GdnPublishTsaConfigFile: '$(Build.SourcesDirectory)/build/azure-pipelines/config/tsaoptions.json'

156


157