Codestin Search App

Thanks to visit codestin.com
Credit goes to github.com

This repository was archived by the owner on Apr 20, 2023. It is now read-only.

Member

ravimeda commented Aug 2, 2017

These changes allow automatic queuing of security build.

build/buildpipeline/security/Get-LatestVersion.ps1 is invoked by the root build (https://devdiv.visualstudio.com/DevDiv/_build/index?context=allDefinitions&path=%5CDotNet%5CSecurity&definitionId=6698&_a=completed) to retrieve commit SHA and package Id from latest.version. This info is passed onto the build leg i.e. DotNet-CLI-Security-Windows.json, which perform the scanning of assemblies and sources for security issues.

Refer (https://github.com/dotnet/core-eng/issues/1401).

Post merge, I will setup a trigger to run security build once per day, and cleanup documentation at https://github.com/dotnet/core-eng/blob/master/Documentation/Project-Docs/security-builds.md

@livarcocc PTAL.

Cc @MichaelSimons


          Get latest version info from latest.version file. (#5)

19a9c17

ravimeda self-assigned this

ravimeda requested a review from livarcocc

August 2, 2017 21:20

dnfclas added the cla-already-signed label

Member Author

ravimeda commented Aug 2, 2017 •

edited

Loading

@nguerrera since Livar is OOF, would you PTAL. This PR is a follow up of #7296
#Closed

ravimeda commented

View reviewed changes

build/buildpipeline/security/DotNet-CLI-Security-Windows.json Outdated

    
                  "name": "DotNet-Cli-Trusted",

                  "url": "https://devdiv.visualstudio.com/DevDiv/_git/DotNet-Cli-Trusted",

                  "defaultBranch": "refs/heads/master",

                  "defaultBranch": "refs/heads/sec_ext",

This comment was marked as spam.

Sign in to view

This comment was marked as spam.

Sign in to view


          Switch to master branch.

e3bca32

ravimeda requested a review from nguerrera

August 3, 2017 14:58

Member

MichaelSimons commented Aug 3, 2017 •

edited by ravimeda

Loading

@ravimeda, Does the Get-LatestVersion.ps1 script have to be invoked by the pipebuild definition or can it be invoked from the DotNet-CLI-Security-Windows build leg? It is generally a best practice to keep as much logic as possible out of the pipebuild definitions since they are not checked in. #Resolved

Member Author

ravimeda commented Aug 3, 2017 •

edited

Loading

Good question, Michael. The way I was thinking is, the root build invokes Get-LatestVersion.ps1 once, and passes the info to build leg(s). One invocation and multiple uses.
But you have a valid point about having most of the logic in build legs i.e. the JSON file, which is versioned, and makes it easier to track changes. I agree. I'll update accordingly. #Closed

MichaelSimons reviewed

View reviewed changes

build/buildpipeline/security/Get-LatestVersion.ps1 Outdated

    
                      try

                      {

                          if(Test-Path "$latestVersionFilePath")

This comment was marked as spam.

Sign in to view

This comment was marked as spam.

Sign in to view

MichaelSimons reviewed

View reviewed changes

build/buildpipeline/security/Get-LatestVersion.ps1 Outdated

    
              $latestVersionUrl = "$UrlPrefix/$Branch/$Filename"

              $latestVersionFilePath = ".\latest.version"

              $env:CliLatestCommitSha = ""

              $env:CliLatestPackageId = ""

This comment was marked as spam.

Sign in to view

This comment was marked as spam.

Sign in to view

nguerrera approved these changes

View reviewed changes


          Addressed PR feedback (#6)

0d837ca

Member Author

ravimeda commented Aug 3, 2017 •

edited

Loading

@MichaelSimons addressed the following through 0d837ca

Get-LatestVersion is invoked in build leg
CliLatestCommitSha and CliLatestPackageId are VSTS Task Variables and not environment variables
Extracting the latest info from the web request response directly as opposed to downloading and reading the content.

PTAL.
#Closed

MichaelSimons reviewed

View reviewed changes

build/buildpipeline/security/Get-LatestVersion.ps1 Outdated

    
                  $retryCount = 1

                  $oldEap = $ErrorActionPreference

                  while ($retryCount -le 3)

This comment was marked as spam.

Sign in to view

This comment was marked as spam.

Sign in to view

build/buildpipeline/security/Get-LatestVersion.ps1 Outdated

    
                      try

                      {

                          return (Invoke-WebRequest -Uri "$latestVersionUrl" -UseBasicParsing).Content.Split([Environment]::NewLine, [System.StringSplitOptions]::RemoveEmptyEntries)

This comment was marked as spam.

Sign in to view

This comment was marked as spam.

Sign in to view

This comment was marked as spam.

Sign in to view

build/buildpipeline/security/Get-LatestVersion.ps1 Outdated

    
              $latestVersionUrl = "$UrlPrefix/$Branch/$Filename"

              $latestVersionContent = Get-VersionInfo

              if (-not [string]::IsNullOrWhiteSpace($latestVersionContent) -and $latestVersionContent.Length -eq 2)

This comment was marked as spam.

Sign in to view

This comment was marked as spam.

Sign in to view

This comment was marked as spam.

Sign in to view

This comment was marked as spam.

Sign in to view

build/buildpipeline/security/DotNet-CLI-Security-Windows.json

    
                    "inputs": {

                      "scriptType": "filePath",

                      "scriptName": "$(Build.SourcesDirectory)\\build\\buildpipeline\\security\\Get-LatestVersion.ps1",

                      "arguments": "-Branch \"$(CodeBase)\"",

This comment was marked as spam.

Sign in to view

This comment was marked as spam.

Sign in to view

This comment was marked as spam.

Sign in to view

This comment was marked as spam.

Sign in to view


          Addressed PR feedback - part 2. (#7)

d6bd18e

Member Author

ravimeda commented Aug 4, 2017

Addressed the following through d6bd18e

Replaced 3 with $retries at line 30 of Get-LatestVersion.ps1
In the same file, simplified the null check as if ($latestVersionContent -ne $null -and $latestVersionContent.Length -eq 2)
Removed the value against workingFolder in the JSON.

PTAL

Thanks again.

MichaelSimons approved these changes

View reviewed changes

Member

MichaelSimons left a comment

LGTM

Member Author

ravimeda commented Aug 4, 2017

@nguerrera FYI I will merge as soon as the checks pass.

Member Author

ravimeda commented Aug 4, 2017

@nguerrera please could you merge this PR. The two failures appear unrelated to these changes.

wli3 commented Aug 4, 2017

@dotnet-bot test OpenSUSE42.1 x64 Debug Build
@dotnet-bot test Ubuntu16.10 x64 Debug Build

wli3 commented Aug 4, 2017

requeueing these tests, they should be healthy

ravimeda merged commit b60272d into dotnet:master

Member Author

ravimeda commented Aug 4, 2017

Thanks all!

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Labels

None yet