diff --git a/.config/1espt/PipelineAutobaseliningConfig.yml b/.config/1espt/PipelineAutobaseliningConfig.yml deleted file mode 100644 index d0b72b0747..0000000000 --- a/.config/1espt/PipelineAutobaseliningConfig.yml +++ /dev/null @@ -1,144 +0,0 @@ -## DO NOT MODIFY THIS FILE MANUALLY. This is part of auto-baselining from 1ES Pipeline Templates. Go to [https://aka.ms/1espt-autobaselining] for more details. - -pipelines: - 7126: - usedNonDefaultBranch: true - retail: - source: - credscan: - lastModifiedDate: 2025-02-13 - armory: - lastModifiedDate: 2025-02-13 - binary: - credscan: - lastModifiedDate: 2025-02-13 - binskim: - lastModifiedDate: 2025-02-13 - 7442: - retail: - source: - credscan: - lastModifiedDate: 2025-02-13 - psscriptanalyzer: - lastModifiedDate: 2025-02-13 - armory: - lastModifiedDate: 2025-02-13 - binary: - credscan: - lastModifiedDate: 2025-02-13 - binskim: - lastModifiedDate: 2025-02-13 - spotbugs: - lastModifiedDate: 2025-02-13 - 7462: - retail: - source: - credscan: - lastModifiedDate: 2025-02-13 - psscriptanalyzer: - lastModifiedDate: 2025-02-13 - armory: - lastModifiedDate: 2025-02-13 - binary: - credscan: - lastModifiedDate: 2025-02-14 - binskim: - lastModifiedDate: 2025-02-25 - spotbugs: - lastModifiedDate: 2025-02-14 - 7468: - retail: - source: - credscan: - lastModifiedDate: 2025-02-13 - psscriptanalyzer: - lastModifiedDate: 2025-02-13 - armory: - lastModifiedDate: 2025-02-13 - binary: - credscan: - lastModifiedDate: 2025-02-14 - binskim: - lastModifiedDate: 2025-02-25 - spotbugs: - lastModifiedDate: 2025-02-14 - 7470: - retail: - source: - credscan: - lastModifiedDate: 2025-02-13 - psscriptanalyzer: - lastModifiedDate: 2025-02-13 - armory: - lastModifiedDate: 2025-02-13 - binary: - credscan: - lastModifiedDate: 2025-02-14 - binskim: - lastModifiedDate: 2025-02-25 - spotbugs: - lastModifiedDate: 2025-02-14 - 7471: - retail: - source: - credscan: - lastModifiedDate: 2025-02-13 - psscriptanalyzer: - lastModifiedDate: 2025-02-13 - armory: - lastModifiedDate: 2025-02-13 - binary: - credscan: - lastModifiedDate: 2025-02-14 - binskim: - lastModifiedDate: 2025-02-14 - spotbugs: - lastModifiedDate: 2025-02-14 - 7473: - retail: - source: - credscan: - lastModifiedDate: 2025-02-13 - psscriptanalyzer: - lastModifiedDate: 2025-02-13 - armory: - lastModifiedDate: 2025-02-13 - binary: - credscan: - lastModifiedDate: 2025-02-14 - binskim: - lastModifiedDate: 2025-02-14 - spotbugs: - lastModifiedDate: 2025-02-14 - 7469: - retail: - source: - credscan: - lastModifiedDate: 2025-02-14 - psscriptanalyzer: - lastModifiedDate: 2025-02-14 - armory: - lastModifiedDate: 2025-02-14 - binary: - credscan: - lastModifiedDate: 2025-02-14 - binskim: - lastModifiedDate: 2025-02-14 - spotbugs: - lastModifiedDate: 2025-02-14 - 7472: - retail: - source: - credscan: - lastModifiedDate: 2025-02-19 - psscriptanalyzer: - lastModifiedDate: 2025-02-19 - armory: - lastModifiedDate: 2025-02-19 - binary: - credscan: - lastModifiedDate: 2025-02-19 - binskim: - lastModifiedDate: 2025-02-19 - spotbugs: - lastModifiedDate: 2025-02-19 diff --git a/.config/guardian/.gdnbaselines b/.config/guardian/.gdnbaselines deleted file mode 100644 index 9ebb9d1235..0000000000 --- a/.config/guardian/.gdnbaselines +++ /dev/null @@ -1,57 +0,0 @@ -{ - "properties": { - "helpUri": "https://eng.ms/docs/microsoft-security/security/azure-security/cloudai-security-fundamentals-engineering/security-integration/guardian-wiki/microsoft-guardian/general/baselines" - }, - "version": "1.0.0", - "baselines": { - "default": { - "name": "default", - "createdDate": "2025-02-13 01:27:03Z", - "lastUpdatedDate": "2025-02-13 01:27:03Z" - } - }, - "results": { - "40f143c4587e7f4d006ddddc5cd76cbb815237d6abbb7f4980030e24e3604a8c": { - "signature": "40f143c4587e7f4d006ddddc5cd76cbb815237d6abbb7f4980030e24e3604a8c", - "alternativeSignatures": [], - "target": "sdk/keyvault/azure_security_keyvault_secrets/README.md", - "line": 88, - "memberOf": [ - "default" - ], - "tool": "credscan", - "ruleId": "CSCAN-GENERAL0060", - "createdDate": "2025-02-19 01:40:30Z", - "expirationDate": "2025-08-08 02:29:29Z", - "justification": "This error is baselined with an expiration date of 180 days from 2025-02-19 02:29:29Z" - }, - "5daf403c163908218b44ba4e6c8e767b58ffcc942d9f824bb0aab289df6bf62f": { - "signature": "5daf403c163908218b44ba4e6c8e767b58ffcc942d9f824bb0aab289df6bf62f", - "alternativeSignatures": [], - "target": "azure_security_keyvault_secrets/azure_security_keyvault_secrets-0.1.0/README.md", - "line": 88, - "memberOf": [ - "default" - ], - "tool": "credscan", - "ruleId": "CSCAN-GENERAL0060", - "createdDate": "2025-02-13 20:39:39Z", - "expirationDate": "2025-08-02 20:56:16Z", - "justification": "This error is baselined with an expiration date of 180 days from 2025-02-13 20:56:16Z" - }, - "28f3fdcd262626355217631cc50784715e653b749cbc77da61ebfa2ff0e8f247": { - "signature": "28f3fdcd262626355217631cc50784715e653b749cbc77da61ebfa2ff0e8f247", - "alternativeSignatures": [], - "target": "azure_security_keyvault_secrets/README.md", - "line": 88, - "memberOf": [ - "default" - ], - "tool": "credscan", - "ruleId": "CSCAN-GENERAL0060", - "createdDate": "2025-02-19 01:44:17Z", - "expirationDate": "2025-08-08 02:29:29Z", - "justification": "This error is baselined with an expiration date of 180 days from 2025-02-19 02:29:29Z" - } - } -} \ No newline at end of file diff --git a/eng/pipelines/templates/jobs/pack.yml b/eng/pipelines/templates/jobs/pack.yml index 3b55c81c5c..d3d5b354a2 100644 --- a/eng/pipelines/templates/jobs/pack.yml +++ b/eng/pipelines/templates/jobs/pack.yml @@ -19,10 +19,18 @@ jobs: os: linux steps: - - template: /eng/common/pipelines/templates/steps/sparse-checkout.yml - parameters: - paths: - - "/*" + # Pull requests require the target branch ref, but fetchDepth: 1 doesn't fetch additional refs. + # SDL Baselining requires a github token, but sparse checkout doesn't set one. + # Use Sparse Checkout for pull requests and native, shallow checkout for everything else. + - ${{ if eq(variables['Build.Reason'], 'PullRequest') }}: + - template: /eng/common/pipelines/templates/steps/sparse-checkout.yml + parameters: + paths: + - "/*" + - ${{ else }}: + - checkout: self + fetchDepth: 1 + persistCredentials: true - ${{ if and(eq(variables['System.TeamProject'], 'internal'), ne(variables['Build.Reason'], '')) }}: - script: | diff --git a/eng/pipelines/templates/stages/1es-redirect.yml b/eng/pipelines/templates/stages/1es-redirect.yml index bbbde35ab9..f1c5d519e0 100644 --- a/eng/pipelines/templates/stages/1es-redirect.yml +++ b/eng/pipelines/templates/stages/1es-redirect.yml @@ -19,6 +19,9 @@ parameters: - name: oneESTemplateTag type: string default: release + - name: AutoBaseline + type: boolean + default: false extends: ${{ if and(parameters.Use1ESOfficial, eq(parameters.oneESTemplateTag, 'canary')) }}: @@ -36,7 +39,15 @@ extends: - 1ES.PT.Tag-refs/tags/canary settings: skipBuildTagsForGitHubPullRequests: true + # only enable autoBaseline for the internal build of rust-core on main branch + ${{ if parameters.AutoBaseline }}: + featureFlags: + autoBaseline: true sdl: + ${{ if parameters.AutoBaseline }}: + autoBaseline: + isMainPipeline: true + enableForGitHub: true sourceAnalysisPool: name: azsdk-pool-mms-win-2022-general image: azsdk-pool-mms-win-2022-1espt diff --git a/eng/pipelines/templates/stages/archetype-sdk-client.yml b/eng/pipelines/templates/stages/archetype-sdk-client.yml index 086392f837..c9253f3095 100644 --- a/eng/pipelines/templates/stages/archetype-sdk-client.yml +++ b/eng/pipelines/templates/stages/archetype-sdk-client.yml @@ -15,6 +15,7 @@ extends: template: /eng/pipelines/templates/stages/1es-redirect.yml parameters: oneESTemplateTag: ${{ parameters.oneESTemplateTag }} + autoBaseline: ${{ and(eq(variables['Build.DefinitionName'], 'rust - core'), eq(variables['Build.SourceBranchName'], 'main'), eq(variables['System.TeamProject'], 'internal')) }} stages: - stage: Build variables: