Select the files for compliance tests which are owned by PowerShell (#10837)
* Move fxd compliance to the top to avoid binskim and apiscan on fxd folder * Choose only the files we build for compliance * Update tools/packaging/packaging.psm1 Co-Authored-By: Travis Plunk <travis.plunk@microsoft.com>
This commit is contained in:
parent
13f8ba284f
commit
49e906bc3b
|
@ -215,20 +215,11 @@ function Start-PSPackage {
|
|||
# Copy files which go into the root package
|
||||
Get-ChildItem -Path $publishSource | Copy-Item -Destination $Source -Recurse
|
||||
|
||||
# files not to include as individual files. These files will be included in the root package
|
||||
# pwsh.exe is just dotnet.exe renamed by dotnet.exe during the build.
|
||||
$toExclude = @(
|
||||
'hostfxr.dll'
|
||||
'hostpolicy.dll'
|
||||
'libhostfxr.so'
|
||||
'libhostpolicy.so'
|
||||
'libhostfxr.dylib'
|
||||
'libhostpolicy.dylib'
|
||||
'Publish'
|
||||
'pwsh.exe'
|
||||
)
|
||||
# Copy file which go into symbols.zip
|
||||
Get-ChildItem -Path $buildSource | Where-Object {$toExclude -inotcontains $_.Name} | Copy-Item -Destination $symbolsSource -Recurse
|
||||
$signingXml = [xml] (Get-Content (Join-Path $PSScriptRoot "..\releaseBuild\signing.xml" -Resolve))
|
||||
# Only include the files we sign for compliance scanning, those are the files we build.
|
||||
$filesToInclude = $signingXml.SignConfigXML.job.file.src | Where-Object { -not $_.endswith('pwsh.exe') -and ($_.endswith(".dll") -or $_.endswith(".exe")) } | ForEach-Object { ($_ -split '\\')[-1] }
|
||||
$filesToInclude += $filesToInclude | ForEach-Object { $_ -replace '.dll', '.pdb' }
|
||||
Get-ChildItem -Path $buildSource | Where-Object { $_.Name -in $filesToInclude } | Copy-Item -Destination $symbolsSource -Recurse
|
||||
|
||||
# Zip symbols.zip to the root package
|
||||
$zipSource = Join-Path $symbolsSource -ChildPath '*'
|
||||
|
|
|
@ -30,6 +30,11 @@ jobs:
|
|||
displayName: 'Capture artifacts directory'
|
||||
continueOnError: true
|
||||
|
||||
- template: expand-compliance.yml
|
||||
parameters:
|
||||
architecture: fxdependent
|
||||
version: $(version)
|
||||
|
||||
- template: expand-compliance.yml
|
||||
parameters:
|
||||
architecture: x86
|
||||
|
@ -40,11 +45,6 @@ jobs:
|
|||
architecture: x64
|
||||
version: $(version)
|
||||
|
||||
- template: expand-compliance.yml
|
||||
parameters:
|
||||
architecture: fxdependent
|
||||
version: $(version)
|
||||
|
||||
- task: securedevelopmentteam.vss-secure-development-tools.build-task-antimalware.AntiMalware@3
|
||||
displayName: 'Run Defender Scan'
|
||||
|
||||
|
|
Loading…
Reference in a new issue