Commit

Feature/test SBOM analyser build (#181)
* Updated build script

* Add the 'compilePhaseAzureCredentials' secret so the build job has an Azure security context for accessing the data lake.

* Updated workflow

* Updated workflow

* Added Az.Storage to build script

* Updated workflow to generate new Github token

* Added missing quotes

* Testing custom github token

* Forgotten comma

* Added use of custom github token

* Added publish phase env

* Added missing comma

* Updated with fail build if there are rejected components

* Updated error message

* Message wasn't printing

* New error message trial

* Add line breaks to error message

* New error message

* Fix issues

* Missing 's'

* Added updates for unknown components

* Write warning instead of Throw error for unknown components

* Fix breakages

* Brackets around function

* Change order and message of error and warning messages

* Final Changes

* Fix errors

* Changes

* Remove accidentally committed files

* Test latest SBOM-related build changes

* Remove customisations now part of the scripted build

* Add secret to enable the SBOM Analysis functionality

* Switch to released version of build module

* Fix-up build

* Remove comma

* Add secret to enable SBOM analysis build feature

* Bump build module version

---------

Co-authored-by: Charlotte <charlotte.gayton@gmail.com>
Co-authored-by: Howard van Rooijen <Howard.vanRooijen@endjin.com>
3 people authored Mar 21, 2024
1 parent 966c88c commit 20a224c
Showing 3 changed files with 8 additions and 3 deletions.
2 changes: 2 additions & 0 deletions .github/workflows/build.yml
Expand Up @@ -49,6 +49,7 @@ jobs:
BUILDVAR_NuGetPublishSource: "${{ startsWith(github.ref, 'refs/tags/') && 'https://api.nuget.org/v3/index.json' || 'https://nuget.pkg.github.com/endjin/index.json' }}"
secretsYaml: |
NUGET_API_KEY: "${{ startsWith(github.ref, 'refs/tags/') && secrets.ENDJIN_NUGET_APIKEY || secrets.ENDJIN_GITHUB_PUBLISHER_PAT }}"
SBOM_ANALYSIS_RELEASE_READER_PAT: "${{ secrets.ENDJIN_GITHUB_READER_PAT }}"
build:
needs: prepareConfig
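Review bot: SBOM_ANALYSIS_RELEASE_READER_PAT in secretsYaml ends up in the single RESOLVED_SECRETS output, which the build job further down passes unchanged to both compilePhaseSecrets and publishPhaseSecrets, so the reader PAT is available in the publish phase and NUGET_API_KEY is available in the compile phase. If the SBOM analysis only runs in one phase, resolve a separate secret set per phase so each one receives only what it uses, and add a comment stating the scope ENDJIN_GITHUB_READER_PAT is expected to have (read-only, limited to the repositories the analyser reads releases from).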
Expand All @@ -61,4 +62,5 @@ jobs:
publishPhaseEnv: ${{ needs.prepareConfig.outputs.RESOLVED_ENV_VARS }}
secrets:
compilePhaseAzureCredentials: ${{ secrets.ENDJIN_PROD_ACR_READER_CREDENTIALS }}
compilePhaseSecrets: ${{ needs.prepareConfig.outputs.RESOLVED_SECRETS }}
publishPhaseSecrets: ${{ needs.prepareConfig.outputs.RESOLVED_SECRETS }}
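Review bot: compilePhaseAzureCredentials is fed from secrets.ENDJIN_PROD_ACR_READER_CREDENTIALS, a production credential whose name describes container registry read access, while the commit message says it is there to give the build an Azure context for the data lake. Reusing it means the secret name no longer describes what the identity can reach, which makes later access reviews and rotation harder. Consider a dedicated identity named for this purpose with read-only access to the data lake location the analyser needs, and add a workflow comment saying why the compile phase needs Azure credentials at all.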
1 change: 1 addition & 0 deletions .gitignore
Expand Up @@ -401,3 +401,4 @@ FodyWeavers.xsd
*.sbom*
_codeCoverage/
_packages/
.analysis/
8 changes: 5 additions & 3 deletions build.ps1
Expand Up @@ -71,7 +71,10 @@ param (
[string] $BuildModulePath,

[Parameter()]
[version] $BuildModuleVersion = "1.5.4",
[version] $BuildModuleVersion = "1.5.5",

[Parameter()]
[string] $BuildModulePackageVersion = $BuildModuleVersion,

[Parameter()]
[version] $InvokeBuildModuleVersion = "5.10.3"
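Review bot: the new $BuildModulePackageVersion parameter has no documentation, and nothing in the param block explains how it relates to $BuildModuleVersion. One is typed [version] and the other [string] (presumably so a pre-release label such as "1.5.5-preview" can be passed), but a caller can set them to unrelated values and nothing rejects that. Add a .PARAMETER entry describing when to override it, and consider validating that the package version starts with the value of $BuildModuleVersion so the pinned version and the installed package cannot drift apart.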
Expand Down Expand Up @@ -105,7 +108,7 @@ if ($MyInvocation.ScriptName -notlike '*Invoke-Build.ps1') {
if (!($BuildModulePath)) {
if (!(Get-Module -ListAvailable Endjin.RecommendedPractices.Build | ? { $_.Version -eq $BuildModuleVersion })) {
Write-Information "Installing 'Endjin.RecommendedPractices.Build' module..."
Install-Module Endjin.RecommendedPractices.Build -RequiredVersion $BuildModuleVersion -Scope CurrentUser -Force -Repository PSGallery
Install-Module Endjin.RecommendedPractices.Build -RequiredVersion $BuildModulePackageVersion -Scope CurrentUser -Force -Repository PSGallery -AllowPrerelease:$($BuildModulePackageVersion -match "-")
}
$BuildModulePath = "Endjin.RecommendedPractices.Build"
}
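Review bot: the presence check still compares against $BuildModuleVersion (`$_.Version -eq $BuildModuleVersion`) while Install-Module now uses -RequiredVersion $BuildModulePackageVersion, so when the two differ the script checks for one version and installs another. Because $BuildModulePath is then set to the bare module name, whichever installed version resolves by name is what gets used, not necessarily the pinned one. Derive the [version] used in the check from $BuildModulePackageVersion (strip the pre-release suffix), or fail early when the two disagree. The -AllowPrerelease switch is only enabled when the explicitly pinned version contains "-", which keeps the install pinned; a short comment saying so would help the next reader.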
Expand Down Expand Up @@ -169,4 +172,3 @@ task PostPackage {}
task PrePublish {}
task PostPublish {}
task RunLast {}
