From 20a224c676146b2f8ab309ef08aae94b8149e57f Mon Sep 17 00:00:00 2001 From: James Dawson Date: Thu, 21 Mar 2024 10:50:21 +0000 Subject: [PATCH] Feature/test SBOM analyser build (#181) * Updated build script * Add the 'compilePhaseAzureCredentials' secret so the build job has an Azure security context for accessing the data lake. * Updated workflow * Updated workflow * Added Az.Storage to build script * Updated workflow to generate new Github token * Added missing quotes * Testing custom github token * Forgotten comma * Added use of custom github token * Added publish phase env * Added missing comma * Updated with fail build if there are rejected components * Updated error message * Message wasn't printing * New error message trial * Add line breaks to error message * New error message * Fix issues * Missing 's' * Added updates for unknown components * Write warning instead of Throw error for unknown components * Fix breakages * Brackets around function * Change order and message of error and warning messages * Final Changes * Fix errors * Changes * Remove accidentally committed files * Test latest SBOM-related build changes * Remove customisations now part of the scripted build * Add secret to enable the SBOM Analysis functionality * Switch to released version of build module * Fix-up build * Remove comma * Add secret to enable SBOM analysis build feature * Bump build module version --------- Co-authored-by: Charlotte Co-authored-by: Howard van Rooijen --- .github/workflows/build.yml | 2 ++ .gitignore | 1 + build.ps1 | 8 +++++--- 3 files changed, 8 insertions(+), 3 deletions(-)
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 1a16050..3051dc9 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -49,6 +49,7 @@ jobs: BUILDVAR_NuGetPublishSource: "${{ startsWith(github.ref, 'refs/tags/') && 'https://api.nuget.org/v3/index.json' || 'https://nuget.pkg.github.com/endjin/index.json' }}" secretsYaml: | NUGET_API_KEY: "${{ startsWith(github.ref, 'refs/tags/') && secrets.ENDJIN_NUGET_APIKEY || secrets.ENDJIN_GITHUB_PUBLISHER_PAT }}" + SBOM_ANALYSIS_RELEASE_READER_PAT: "${{ secrets.ENDJIN_GITHUB_READER_PAT }}" build: needs: prepareConfig
@@ -61,4 +62,5 @@ jobs: publishPhaseEnv: ${{ needs.prepareConfig.outputs.RESOLVED_ENV_VARS }} secrets: compilePhaseAzureCredentials: ${{ secrets.ENDJIN_PROD_ACR_READER_CREDENTIALS }} + compilePhaseSecrets: ${{ needs.prepareConfig.outputs.RESOLVED_SECRETS }} publishPhaseSecrets: ${{ needs.prepareConfig.outputs.RESOLVED_SECRETS }}
diff --git a/.gitignore b/.gitignore
index 62c463b..6fb2624 100644
--- a/.gitignore
+++ b/.gitignore
@@ -401,3 +401,4 @@ FodyWeavers.xsd *.sbom* _codeCoverage/ _packages/ +.analysis/ \ No newline at end of file
diff --git a/build.ps1 b/build.ps1
index 6c857f2..2e99495 100644
--- a/build.ps1
+++ b/build.ps1
@@ -71,7 +71,10 @@ param ( [string] $BuildModulePath, [Parameter()] - [version] $BuildModuleVersion = "1.5.4", + [version] $BuildModuleVersion = "1.5.5", + + [Parameter()] + [string] $BuildModulePackageVersion = $BuildModuleVersion, [Parameter()] [version] $InvokeBuildModuleVersion = "5.10.3"
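Review bot: In `.github/workflows/build.yml` the new `compilePhaseSecrets` input (second hunk) is fed the same `RESOLVED_SECRETS` output as `publishPhaseSecrets`, so the compile phase appears to receive `NUGET_API_KEY` (the NuGet API key or the publisher PAT, per the `secretsYaml` line in the first hunk) alongside the reader PAT it needs for SBOM analysis. The compile phase is where the build script and third-party modules and packages execute, which makes it the least suitable stage for a publish-capable credential. If the reusable workflow permits, have `prepareConfig` resolve a separate compile-only bundle holding just `SBOM_ANALYSIS_RELEASE_READER_PAT` and pass that instead, e.g. `compilePhaseSecrets: ${{ needs.prepareConfig.outputs.<COMPILE_ONLY_SECRETS_OUTPUT> }}` (placeholder name). How `RESOLVED_SECRETS` is derived from `secretsYaml` is not visible in these hunks, so the exposure is inferred from the names.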
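Review bot: The new `$BuildModulePackageVersion` parameter in `build.ps1` is undocumented, and the declaration does not explain how it relates to `$BuildModuleVersion`. It defaults to the `[version]` value but is typed `[string]`, presumably so it can carry a prerelease label that `[version]` cannot hold. A comment above it such as `# Package version passed to Install-Module; may include a prerelease label. Keep its numeric part equal to $BuildModuleVersion.` would make the coupling explicit; if the script's comment-based help lists parameters, add a matching entry there. The `param` block starts and ends outside the hunk.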
@@ -105,7 +108,7 @@ if ($MyInvocation.ScriptName -notlike '*Invoke-Build.ps1') { if (!($BuildModulePath)) { if (!(Get-Module -ListAvailable Endjin.RecommendedPractices.Build | ? { $_.Version -eq $BuildModuleVersion })) { Write-Information "Installing 'Endjin.RecommendedPractices.Build' module..." - Install-Module Endjin.RecommendedPractices.Build -RequiredVersion $BuildModuleVersion -Scope CurrentUser -Force -Repository PSGallery + Install-Module Endjin.RecommendedPractices.Build -RequiredVersion $BuildModulePackageVersion -Scope CurrentUser -Force -Repository PSGallery -AllowPrerelease:$($BuildModulePackageVersion -match "-") } $BuildModulePath = "Endjin.RecommendedPractices.Build" }
@@ -169,4 +172,3 @@ task PostPackage {} task PrePublish {} task PostPublish {} task RunLast {} -
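Review bot: The installed-module check still filters on `$_.Version -eq $BuildModuleVersion` while the install now requests `$BuildModulePackageVersion`, so the pin does not guarantee which build of the module actually runs. If a caller sets only `-BuildModulePackageVersion`, the check looks for a different version and `Install-Module -Force` runs on every build. An already-installed stable release with the same numeric version also satisfies the check, so a requested prerelease is silently skipped (or the reverse). Consider deriving the numeric part from the package version, e.g. `$requiredVersion = [version](($BuildModulePackageVersion -split '-')[0])`, and also comparing the prerelease label via `$_.PrivateData.PSData.Prerelease`. The enclosing `if` block continues outside the hunk, so how the module is later imported is not visible here.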