From de9d6c87b6ccab5c7784bdafa7d03c65d21814da Mon Sep 17 00:00:00 2001 From: Peter Collins Date: Wed, 10 Jan 2024 15:28:49 -0800 Subject: [PATCH] [ci] Add exe files to API Scan (#8617) The API Scan job added in commit a10aa383cb accidentally excluded some of our xamarin-android-binutils artifacts. The job has been fixed to scan the EXE files (and corresponding symbols) that were previously skipped. The latest scan results appear to be consistent with what was being reported through VS scans, and we can continue working through these issues: 1. ApiScan Error missingsymbols - File: aapt2.exe. Tool: ApiScan: Rule: missingsymbols (Missing Symbols) 2. ApiScan Error documentationnotfound - File: aapt2.exe. Tool: ApiScan: Rule: documentationnotfound (Documentation Not Found). 3. ApiScan Error improperfileformat - File: as.exe. Tool: ApiScan: Rule: improperfileformat (Improper File Format). 4. ApiScan Error missingsymbols - File: ld.exe. Tool: ApiScan: Rule: missingsymbols (Missing Symbols). 5. ApiScan Error improperfileformat - File: libzipsharpnative-3-0.dll. Tool: ApiScan: Rule: improperfileformat (Improper File Format). 6. ApiScan Error improperfileformat - File: llc.exe. Tool: ApiScan: Rule: improperfileformat (Improper File Format). 7. ApiScan Error improperfileformat - File: llvm-mc.exe. Tool: ApiScan: Rule: improperfileformat (Improper File Format). 8. ApiScan Error missingsymbols - File: llvm-strip.exe. Tool: ApiScan: Rule: missingsymbols (Missing Symbols). --- .../automation/azure-pipelines-nightly.yaml | 33 ++++++++++++------- .../yaml-templates/build-macos.yaml | 14 +------- .../yaml-templates/commercial-build.yaml | 14 ++++++++ 3 files changed, 36 insertions(+), 25 deletions(-) diff --git a/build-tools/automation/azure-pipelines-nightly.yaml b/build-tools/automation/azure-pipelines-nightly.yaml index bbf13e27974..69ac75c87e6 100644 --- a/build-tools/automation/azure-pipelines-nightly.yaml +++ b/build-tools/automation/azure-pipelines-nightly.yaml 
@@ -25,6 +25,10 @@ resources: name: dotnet/maui endpoint: xamarin +parameters: +- name: ApiScanSourceBranch + default: 'refs/heads/main' + # Global variables variables: - template: yaml-templates/variables.yaml @@ -285,6 +289,7 @@ stages: - stage: compliance_scan displayName: Compliance dependsOn: mac_build + condition: and(eq(dependencies.mac_build.result, 'Succeeded'), eq(variables['Build.SourceBranch'], '${{ parameters.ApiScanSourceBranch }}')) jobs: - job: api_scan displayName: API Scan @@ -294,9 +299,6 @@ stages: timeoutInMinutes: 480 workspace: clean: all - variables: - - name: ApiScan.Enabled - value: true steps: - template: yaml-templates/setup-test-environment.yaml parameters: 
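Review bot: The new `condition:` on the `compliance_scan` stage accepts only `'Succeeded'` for `dependencies.mac_build.result`, so a `mac_build` that ends as `SucceededWithIssues` skips the whole compliance stage with no failure signal; `in(dependencies.mac_build.result, 'Succeeded', 'SucceededWithIssues')` would keep the scan running in that case. The same line splices `${{ parameters.ApiScanSourceBranch }}` into a quoted literal at template-expansion time, so a queue-time value containing a single quote changes the expression itself. Mapping the parameter to a variable and comparing against e.g. `variables['ApiScanSourceBranch']` avoids that. The parameter added in the first hunk of this file would also benefit from a `displayName` saying it expects a full ref such as `refs/heads/main`, because a short branch name never equals `Build.SourceBranch` and the scan is then skipped silently. The stage's job list continues beyond this hunk.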
@@ -305,19 +307,30 @@ stages: restoreNUnitConsole: false updateMono: false - ### Copy .dll and .pdb files for APIScan + - task: DownloadPipelineArtifact@2 + displayName: Download binutils pdbs + inputs: + artifactName: $(WindowsToolchainPdbArtifactName) + downloadPath: $(Build.StagingDirectory)\binutils-pdb + + - powershell: | + Expand-Archive "$(Build.StagingDirectory)\binutils-pdb\$(WindowsToolchainPdbArtifactName).zip" "$(System.DefaultWorkingDirectory)\binutils-pdb" + Get-ChildItem -Path "$(System.DefaultWorkingDirectory)\binutils-pdb" -Recurse + displayName: Extract binutils pdbs + + ### Copy .dll, .exe, .pdb files for APIScan - task: CopyFiles@2 displayName: Collect Files for APIScan inputs: - Contents: $(System.DefaultWorkingDirectory)\bin\$(XA.Build.Configuration)\dotnet\packs\Microsoft.Android*\**\?(*.dll|*.pdb) + Contents: | + $(System.DefaultWorkingDirectory)\bin\$(XA.Build.Configuration)\dotnet\packs\Microsoft.Android*\**\?(*.dll|*.exe|*.pdb) + $(System.DefaultWorkingDirectory)\binutils-pdb\*.pdb TargetFolder: $(Build.StagingDirectory)\apiscan OverWrite: true flattenFolders: true - condition: and(succeeded(), eq(variables['ApiScan.Enabled'], 'true'), eq(variables['Build.SourceBranch'], 'refs/heads/main')) - pwsh: Get-ChildItem -Path "$(Build.StagingDirectory)\apiscan" -Recurse displayName: List Files for APIScan - condition: and(succeeded(), eq(variables['ApiScan.Enabled'], 'true'), eq(variables['Build.SourceBranch'], 'refs/heads/main')) ### Run latest version of APIScan listed at https://www.1eswiki.com/wiki/APIScan_Build_Task - task: APIScan@2 
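Review bot: The `Collect Files for APIScan` step now copies from two trees with `flattenFolders: true` and `OverWrite: true`, so same-named `.exe`/`.dll`/`.pdb` files from different `Microsoft.Android*` packs, or a pack `.pdb` and a `binutils-pdb` one, would overwrite each other. APIScan may then see fewer files than were built, or a binary beside symbols that do not belong to it. The second pattern, `binutils-pdb\*.pdb`, also matches only the top level of the extracted archive, while the listing step uses `-Recurse`. If the zip contains subfolders, `$(System.DefaultWorkingDirectory)\binutils-pdb\**\*.pdb` would pick those up. A short comment above the step naming the artifact each pattern comes from would make gaps in scan coverage easier to spot.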
@@ -326,10 +339,9 @@ stages: softwareFolder: $(Build.StagingDirectory)\apiscan symbolsFolder: 'SRV*http://symweb;$(Build.StagingDirectory)\apiscan' softwareName: $(ApiScanName) - softwareVersionNum: $(Build.SourceBranchName)-$(Build.SourceVersion)-$(Rev:r) + softwareVersionNum: $(Build.SourceBranchName)-$(Build.SourceVersion)$(System.JobAttempt) isLargeApp: true toolVersion: Latest - condition: and(succeeded(), eq(variables['ApiScan.Enabled'], 'true'), eq(variables['Build.SourceBranch'], 'refs/heads/main')) env: AzureServicesAuthConnectionString: runAs=App;AppId=$(ApiScanClientId);TenantId=$(ApiScanTenant);AppKey=$(ApiScanSecret) @@ -339,7 +351,6 @@ stages: GdnExportAllTools: false GdnExportGdnToolApiScan: true GdnExportOutputSuppressionFile: source.gdnsuppress - condition: and(succeededOrFailed(), eq(variables['ApiScan.Enabled'], 'true'), eq(variables['Build.SourceBranch'], 'refs/heads/main')) - task: PublishSecurityAnalysisLogs@3 displayName: Publish Guardian Artifacts @@ -349,11 +360,9 @@ stages: AllTools: false APIScan: true ToolLogsNotFoundAction: Warning - condition: and(succeededOrFailed(), eq(variables['ApiScan.Enabled'], 'true'), eq(variables['Build.SourceBranch'], 'refs/heads/main')) - task: PostAnalysis@2 displayName: Fail Build on Guardian Issues inputs: GdnBreakAllTools: false GdnBreakGdnToolApiScan: true - condition: and(succeededOrFailed(), eq(variables['ApiScan.Enabled'], 'true'), eq(variables['Build.SourceBranch'], 'refs/heads/main')) diff --git a/build-tools/automation/yaml-templates/build-macos.yaml b/build-tools/automation/yaml-templates/build-macos.yaml index 23d400ada95..abdb0103a09 100644 --- a/build-tools/automation/yaml-templates/build-macos.yaml +++ b/build-tools/automation/yaml-templates/build-macos.yaml 
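Review bot: With the per-step `condition:` lines removed in this hunk and the two after it (`-339` and `-349`), the Guardian export step, `PublishSecurityAnalysisLogs@3` and `PostAnalysis@2` fall back to the default `succeeded()`, whereas they previously ran under `succeededOrFailed()`. If `APIScan@2` itself fails, its logs are no longer exported or published. The branch check now lives on the stage, so a plain `condition: succeededOrFailed()` on those three steps would restore the old behaviour. In `softwareVersionNum`, `$(Build.SourceVersion)$(System.JobAttempt)` joins the commit id and the attempt number with no separator, which makes the reported version ambiguous; `$(Build.SourceBranchName)-$(Build.SourceVersion)-$(System.JobAttempt)` keeps the fields apart. The task blocks these lines belong to start outside the hunks.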
@@ -49,6 +49,7 @@ stages: installerArtifactName: ${{ parameters.installerArtifactName }} nugetArtifactName: ${{ parameters.nugetArtifactName }} testAssembliesArtifactName: ${{ parameters.testAssembliesArtifactName }} + windowsToolchainPdbArtifactName: ${{ parameters.windowsToolchainPdbArtifactName }} - powershell: | [IO.Directory]::CreateDirectory("$(Build.StagingDirectory)/empty") @@ -73,19 +74,6 @@ stages: artifactName: sbom-components-macos pathToPublish: $(Build.StagingDirectory)/sbom-components - - script: > - mkdir -p $(System.DefaultWorkingDirectory)/xamarin-android/bin/Build$(XA.Build.Configuration)/windows-toolchain-pdb && - cd $(System.DefaultWorkingDirectory)/xamarin-android/bin/$(XA.Build.Configuration)/lib/packs/Microsoft.Android.Sdk.Darwin/*/tools/binutils/windows-toolchain-pdb && - zip -r $(System.DefaultWorkingDirectory)/xamarin-android/bin/Build$(XA.Build.Configuration)/windows-toolchain-pdb/windows-toolchain-pdb.zip . - workingDirectory: $(System.DefaultWorkingDirectory)/xamarin-android - displayName: zip Windows toolchain pdb files - - - task: PublishPipelineArtifact@1 - displayName: upload Windows toolchain pdb files - inputs: - artifactName: ${{ parameters.windowsToolchainPdbArtifactName }} - targetPath: $(System.DefaultWorkingDirectory)/xamarin-android/bin/Build$(XA.Build.Configuration)/windows-toolchain-pdb - - template: upload-results.yaml parameters: xaSourcePath: $(System.DefaultWorkingDirectory)/xamarin-android diff --git a/build-tools/automation/yaml-templates/commercial-build.yaml b/build-tools/automation/yaml-templates/commercial-build.yaml index 59a2dd2f10b..84421581edf 100644 --- a/build-tools/automation/yaml-templates/commercial-build.yaml +++ b/build-tools/automation/yaml-templates/commercial-build.yaml 
@@ -4,6 +4,7 @@ parameters: makeMSBuildArgs: '' nugetArtifactName: $(NuGetArtifactName) testAssembliesArtifactName: $(TestAssembliesArtifactName) + windowsToolchainPdbArtifactName: $(WindowsToolchainPdbArtifactName) steps: - script: echo "##vso[task.setvariable variable=JI_JAVA_HOME]$HOME/android-toolchain/jdk-17" @@ -140,6 +141,19 @@ steps: artifactName: ${{ parameters.testAssembliesArtifactName }} targetPath: ${{ parameters.xaSourcePath }}/bin/Test$(XA.Build.Configuration) +- script: > + mkdir -p ${{ parameters.xaSourcePath }}/bin/Build$(XA.Build.Configuration)/windows-toolchain-pdb && + cd ${{ parameters.xaSourcePath }}/bin/$(XA.Build.Configuration)/lib/packs/Microsoft.Android.Sdk.Darwin/*/tools/binutils/windows-toolchain-pdb && + zip -r ${{ parameters.xaSourcePath }}/bin/Build$(XA.Build.Configuration)/windows-toolchain-pdb/windows-toolchain-pdb.zip . + workingDirectory: ${{ parameters.xaSourcePath }} + displayName: zip Windows toolchain pdb files + +- task: PublishPipelineArtifact@1 + displayName: upload Windows toolchain pdb files + inputs: + artifactName: ${{ parameters.windowsToolchainPdbArtifactName }} + targetPath: ${{ parameters.xaSourcePath }}/bin/Build$(XA.Build.Configuration)/windows-toolchain-pdb + - task: PublishPipelineArtifact@1 displayName: upload build tools inventory inputs:
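Review bot: The `cd` in the new zip step relies on the `*` in `Microsoft.Android.Sdk.Darwin/*/tools/binutils/windows-toolchain-pdb` matching exactly one directory, and none of the `${{ parameters.xaSourcePath }}` paths are quoted. If a second pack version is present, `cd` either fails or takes the first match depending on the shell. In the latter case the published symbols may not belong to the binaries the API Scan job later checks. Quoting the paths and failing when the glob does not resolve to a single directory would make this explicit. A comment such as `# Symbols for the Windows binutils; consumed by the api_scan job in azure-pipelines-nightly.yaml` above the step would record why it now sits in the shared template.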