From 22ebdfe0f8aed2100e879ac6b7d7465adf4ec678 Mon Sep 17 00:00:00 2001 From: Matt Mitchell Date: Tue, 1 Feb 2022 10:23:52 -0800 Subject: [PATCH] [release/6.0] Enable CG detection in the job templates (#8376) (#8403) * Enable CG detection in the job templates (#8376) Remove the explicit injection in the arcade pipeline * Continue on error for CG --- azure-pipelines.yml | 2 +- eng/common-variables.yml | 2 -- eng/common/templates/job/job.yml | 5 +++++ eng/common/templates/job/publish-build-assets.yml | 4 ---- eng/common/templates/jobs/jobs.yml | 4 ++++ eng/common/templates/post-build/common-variables.yml | 4 ---- 6 files changed, 10 insertions(+), 11 deletions(-) diff --git a/azure-pipelines.yml b/azure-pipelines.yml index 4cfd0c1e9a6..b69a9d5b7fe 100644 --- a/azure-pipelines.yml +++ b/azure-pipelines.yml @@ -73,7 +73,7 @@ stages: $(_InternalBuildArgs) /p:Test=false displayName: Windows Build / Publish - - task: ComponentGovernanceComponentDetection@0 + - ${{ if eq(variables._RunAsPublic, True) }}: - job: Linux container: LinuxContainer diff --git a/eng/common-variables.yml b/eng/common-variables.yml index 805ec66de9e..a8fc301ef8e 100644 --- a/eng/common-variables.yml +++ b/eng/common-variables.yml @@ -10,8 +10,6 @@ variables: value: False - name: _InternalBuildArgs value: '' - - name: skipComponentGovernanceDetection - value: true - ${{ if and(ne(variables['System.TeamProject'], 'public'), notin(variables['Build.Reason'], 'PullRequest')) }}: - name: _RunAsPublic diff --git a/eng/common/templates/job/job.yml b/eng/common/templates/job/job.yml index 37dceb1bab0..30d1de5835e 100644 --- a/eng/common/templates/job/job.yml +++ b/eng/common/templates/job/job.yml @@ -24,6 +24,7 @@ parameters: enablePublishBuildAssets: false enablePublishTestResults: false enablePublishUsingPipelines: false + disableComponentGovernance: false mergeTestResults: false testRunTitle: '' testResultsFormat: '' @@ -136,6 +137,10 @@ jobs: richNavLogOutputDirectory: $(Build.SourcesDirectory)/artifacts/bin continueOnError: true + - ${{ if and(eq(parameters.runAsPublic, 'false'), ne(variables['System.TeamProject'], 'public'), notin(variables['Build.Reason'], 'PullRequest'), ne(parameters.disableComponentGovernance, 'true')) }}: + - task: ComponentGovernanceComponentDetection@0 + continueOnError: true + - ${{ if eq(parameters.enableMicrobuild, 'true') }}: - ${{ if and(eq(parameters.runAsPublic, 'false'), ne(variables['System.TeamProject'], 'public'), notin(variables['Build.Reason'], 'PullRequest')) }}: - task: MicroBuildCleanup@1 diff --git a/eng/common/templates/job/publish-build-assets.yml b/eng/common/templates/job/publish-build-assets.yml index fe9dfdf720c..d91bf914711 100644 --- a/eng/common/templates/job/publish-build-assets.yml +++ b/eng/common/templates/job/publish-build-assets.yml @@ -38,10 +38,6 @@ jobs: value: ${{ parameters.configuration }} - group: Publish-Build-Assets - group: AzureDevOps-Artifact-Feeds-Pats - # Skip component governance and codesign validation for SDL. These jobs - # create no content. - - name: skipComponentGovernanceDetection - value: true - name: runCodesignValidationInjection value: false diff --git a/eng/common/templates/jobs/jobs.yml b/eng/common/templates/jobs/jobs.yml index 2cc0f67e153..4dfa68f92b5 100644 --- a/eng/common/templates/jobs/jobs.yml +++ b/eng/common/templates/jobs/jobs.yml @@ -8,6 +8,10 @@ parameters: # Optional: Enable publishing using release pipelines enablePublishUsingPipelines: false + # Optional: Disable component governance detection. In general, component governance + # should be on for all jobs. Use only in the event of issues. + disableComponentGovernance: false + # Optional: Enable running the source-build jobs to build repo from source enableSourceBuild: false diff --git a/eng/common/templates/post-build/common-variables.yml b/eng/common/templates/post-build/common-variables.yml index c99fd750376..956ed7eb904 100644 --- a/eng/common/templates/post-build/common-variables.yml +++ b/eng/common/templates/post-build/common-variables.yml @@ -91,9 +91,5 @@ variables: - name: InternalInstallersBlobFeedKey value: $(dotnetclimsrc-access-key) - # Skip component governance and codesign validation for SDL. These jobs - # create no content. - - name: skipComponentGovernanceDetection - value: true - name: runCodesignValidationInjection value: false