Select the files for compliance tests which are owned by PowerShell (#10837)

* Move fxd compliance to the top to avoid binskim and apiscan on fxd folder * Choose only the files we build for compliance * Update tools/packaging/packaging.psm1 Co-Authored-By: Travis Plunk <travis.plunk@microsoft.com>
2019-10-19 10:32:34 -07:00 · 2019-10-19 10:32:34 -07:00 · 49e906bc3b
parent 13f8ba284f
commit 49e906bc3b
2 changed files with 10 additions and 19 deletions
--- a/tools/packaging/packaging.psm1
+++ b/tools/packaging/packaging.psm1
@ -215,20 +215,11 @@ function Start-PSPackage {
                # Copy files which go into the root package
                Get-ChildItem -Path $publishSource | Copy-Item -Destination $Source -Recurse

-                # files not to include as individual files.  These files will be included in the root package
-                # pwsh.exe is just dotnet.exe renamed by dotnet.exe during the build.
-                $toExclude = @(
-                    'hostfxr.dll'
-                    'hostpolicy.dll'
-                    'libhostfxr.so'
-                    'libhostpolicy.so'
-                    'libhostfxr.dylib'
-                    'libhostpolicy.dylib'
-                    'Publish'
-                    'pwsh.exe'
-                    )
-                # Copy file which go into symbols.zip
-                Get-ChildItem -Path $buildSource | Where-Object {$toExclude -inotcontains $_.Name} | Copy-Item -Destination $symbolsSource -Recurse
+                $signingXml = [xml] (Get-Content (Join-Path $PSScriptRoot "..\releaseBuild\signing.xml" -Resolve))
+                # Only include the files we sign for compliance scanning, those are the files we build.
+                $filesToInclude = $signingXml.SignConfigXML.job.file.src | Where-Object {  -not $_.endswith('pwsh.exe') -and ($_.endswith(".dll") -or $_.endswith(".exe")) } | ForEach-Object { ($_ -split '\\')[-1] }
+                $filesToInclude += $filesToInclude | ForEach-Object { $_ -replace '.dll', '.pdb' }
+                Get-ChildItem -Path $buildSource | Where-Object { $_.Name -in $filesToInclude } | Copy-Item -Destination $symbolsSource -Recurse

                # Zip symbols.zip to the root package
                $zipSource = Join-Path $symbolsSource -ChildPath '*'
--- a/tools/releaseBuild/azureDevOps/templates/compliance.yml
+++ b/tools/releaseBuild/azureDevOps/templates/compliance.yml
@ -30,6 +30,11 @@ jobs:
    displayName: 'Capture artifacts directory'
    continueOnError: true

+  - template: expand-compliance.yml
+    parameters:
+      architecture: fxdependent
+      version: $(version)
+
  - template: expand-compliance.yml
    parameters:
      architecture: x86
@ -40,11 +45,6 @@ jobs:
      architecture: x64
      version: $(version)

-  - template: expand-compliance.yml
-    parameters:
-      architecture: fxdependent
-      version: $(version)
-
  - task: securedevelopmentteam.vss-secure-development-tools.build-task-antimalware.AntiMalware@3
    displayName: 'Run Defender Scan'