v1.8.0 - pre and post jobs for container scanning (#65)

* Add Container Mapping support to MSDO (#63) * Improve logging and write tests (#64) * v1.8.0 - add pre and post job handling for containers * Add Timeout for all commands (#70) * Add a timeout for all commands * Add tests for command executor * fix test * Add comments and cleanup * Removed delim * modify commands (#72) * Remove Task Version (#73) * Removing redundant version call * Removed code * Update build process to split for out-of-band npm install * Sign powershell scripts * Remove signatures, unidentified on build agent * Fix build file * Default to powershell.exe * Update the new command dropdown type to pickList --------- Co-authored-by: Laveesh Rohra <[email protected]>
microsoft · Aug 3, 2023 · ed67861 · ed67861
1 parent 98410ce
commit ed67861
Show file tree

Hide file tree

Showing 29 changed files with 945 additions and 4,759 deletions.
diff --git a/.gitignore b/.gitignore
@@ -29,6 +29,7 @@ bld/
 [Ll]og/
 [Ll]ib/
 **/*.js
+**/*.js.map
 .publishers
 
 # Visual Studio 2015/2017 cache/options directory
@@ -39,6 +40,9 @@ bld/
 # Visual Studio 2017 auto generated files
 Generated\ Files/
 
+# VSCode files
+.vscode
+
 # MSTest test Results
 [Tt]est[Rr]esult*/
 [Bb]uild[Ll]og.*

diff --git a/README.md b/README.md
@@ -9,6 +9,7 @@ An extension for Azure DevOps that contributes a build task to run the [Microsof
 * Execution of a full suite of security tools
 * Normalized processing of results into the SARIF format
 * Build breaks and more
+* Captures the container images pushed in a build run 
 
 ## Basic
 

diff --git a/build.proj b/build.proj
@@ -8,6 +8,8 @@
         <LibDirectory Condition=" '$(LibDirectory)' == '' ">$(RepoDirectory)\lib</LibDirectory>
         <ScriptsDirectory Condition=" '$(ScriptsDirectory)' == '' ">$(RepoDirectory)\scripts</ScriptsDirectory>
         <SrcDirectory Condition=" '$(SrcDirectory)' == '' ">$(RepoDirectory)\src</SrcDirectory>
+        <TestDirectory Condition=" '$(TestDirectory)' == '' ">$(RepoDirectory)\test</TestDirectory>
+        <TestStagingDirectory Condition=" '$(TestStagingDirectory)' == '' ">$(TestDirectory)\lib</TestStagingDirectory>
     </PropertyGroup>
 
     <PropertyGroup Label="Configuration">
@@ -16,18 +18,26 @@
 
         <!-- Options -->
         <Official Condition=" '$(Official)' == '' ">false</Official>
+        <RunTests Condition=" '$(RunTests)' == '' ">false</RunTests>
+
         <NpmInstall Condition=" '$(NpmInstall)' == '' ">true</NpmInstall>
+        <ForceNpmInstall Condition=" '$(Official)' == 'true' ">true</ForceNpmInstall>
+        <ForceNpmInstall Condition=" '$(ForceNpmInstall)' == '' ">false</ForceNpmInstall>
+
+        <!-- Targets -->
+        <SkipCompileTsc Condition=" '$(SkipCompileTsc)' == '' ">false</SkipCompileTsc>
+        <SkipCompile Condition=" '$(SkipCompile)' == '' ">false</SkipCompile>
     </PropertyGroup>
 
     <PropertyGroup Label="BuildPaths">
         <OutputDirectory Condition=" '$(OutputDirectory)' == '' ">$(BinDirectory)\$(Configuration)</OutputDirectory>
         <StagingDirectory Condition=" '$(StagingDirectory)' == '' ">$(LibDirectory)\$(Configuration)</StagingDirectory>
         <LibNodeModulesDirectory Condition= " '$(LibNodeModulesDirectory)' == '' ">$(LibDirectory)\node_modules</LibNodeModulesDirectory>
-        <SrcNodeModulesDirectory Condition= " '$(SrcNodeModulesDirectory)' == '' ">$(SrcDirectory)\node_modules</SrcNodeModulesDirectory>
+        <RepoNodeModulesDirectory Condition= " '$(RepoNodeModulesDirectory)' == '' ">$(RepoDirectory)\node_modules</RepoNodeModulesDirectory>
     </PropertyGroup>
 
     <PropertyGroup Label="Scripts">
-        <PowerShellExe Condition=" '$(PowerShellExe)' == '' ">C:\Program Files\PowerShell\7\pwsh.exe</PowerShellExe>
+        <PowerShellExe Condition=" '$(PowerShellExe)' == '' ">powershell.exe</PowerShellExe>
         <GetExtensionVersionScriptPath>$(ScriptsDirectory)\Get-ExtensionVersion.ps1</GetExtensionVersionScriptPath>
         <RollbackScriptPath>$(ScriptsDirectory)\Rollback.ps1</RollbackScriptPath>
         <SetPublisherInfoScriptPath>$(ScriptsDirectory)\Set-PublisherInfo.ps1</SetPublisherInfoScriptPath>
@@ -77,55 +87,78 @@
             Text="Invalid Configuration given: $(Configuration). Valid values are: debug, release" />
     </Target>
 
-    <Target Name="Clean">
+    <Target Name="Clean" DependsOnTargets="CleanTests">
         <Message Text="Deleting staging directory: $(StagingDirectory)" />
         <RemoveDir Directories="$(StagingDirectory)" Condition="Exists('$(StagingDirectory)')" />
 
         <Message Text="Deleting output directory: $(OutputDirectory)" />
         <RemoveDir Directories="$(OutputDirectory)" Condition="Exists('$(OutputDirectory)')" />
     </Target>
 
+    <Target Name="CleanTests">
+        <ItemGroup>
+            <CompiledTestFiles Include="$(TestDirectory)\**\*.js" />
+            <CompiledTestFiles Include="$(TestDirectory)\**\*.js.map" />
+        </ItemGroup>
+        <Delete Files="@(CompiledTestFiles)" />
+        <RemoveDir Directories="$(TestStagingDirectory)" />
+    </Target>
+
     <Target
-        Name="NpmInstall-SrcDirectory"
-        Inputs="$(SrcDirectory)"
-        Outputs="$(SrcNodeModulesDirectory)"
-        Condition=" '$(NpmInstall)' == 'true' ">
-        <Message Text="Intstalling npm packages in source directory: $(SrcDirectory)..." />
-        <Exec Command="npm install" WorkingDirectory="$(SrcDirectory)" />
-        <Delete Files="$(RepoDirectory)/package-lock.json" Condition=" Exists('$(RepoDirectory)/package-lock.json') " />
+        Name="NpmInstall-RepoDirectory"
+        Inputs="$(RepoDirectory)"
+        Outputs="$(RepoNodeModulesDirectory)"
+        Condition=" '$(NpmInstall)' == 'true' AND ('$(ForceNpmInstall)' == 'true' OR EXISTS('$(RepoNodeModulesDirectory)') != 'true')">
+        <Message Text="Intstalling npm packages in repo directory: $(RepoDirectory)..." />
+        <Exec Command="npm install" WorkingDirectory="$(RepoDirectory)" />
     </Target>
 
-    <Target Name="Compile" DependsOnTargets="Clean;NpmInstall-SrcDirectory">
+    <Target
+        Name="CompileTsc"
+        Condition=" '$(SkipCompileTsc)' != 'true' ">
         <Message Text="Compiling Microsoft Security DevOps for Azure DevOps Extension" />
         <Exec Command="npx tsc --outDir &quot;$(StagingDirectory)&quot;" WorkingDirectory="$(SrcDirectory)" />
     </Target>
 
     <Target
-        Name="NpmInstall-LibDirectory"
-        Inputs="$(LibDirectory)"
-        Outputs="$(LibDirectory)\node_modules"
-        Condition=" '$(NpmInstall)' == 'true' ">
+        Name="Compile"
+        DependsOnTargets="Clean;NpmInstall-RepoDirectory;CompileTsc"
+        Condition=" '$(SkipCompile)' != 'true' ">
         <PropertyGroup>
+            <RepoPackageJsonFilePath>$(RepoDirectory)\package.json</RepoPackageJsonFilePath>
             <SrcNpmrcFilePath>$(SrcDirectory)\.npmrc</SrcNpmrcFilePath>
-            <SrcPackageJsonFilePath>$(SrcDirectory)\package.json</SrcPackageJsonFilePath>
-            <StagingNodeModulesBinDirectory>$(LibNodeModulesDirectory)\.bin</StagingNodeModulesBinDirectory>
-            <StagingPackageLockJsonFilePath>$(LibNodeModulesDirectory)\.package-lock.json</StagingPackageLockJsonFilePath>
         </PropertyGroup>
 
+        <Copy SourceFiles="$(RepoPackageJsonFilePath)" DestinationFiles="$(LibDirectory)\package.json" />
         <Copy SourceFiles="$(SrcNpmrcFilePath)" DestinationFiles="$(LibDirectory)\.npmrc" />
-        <Copy SourceFiles="$(SrcPackageJsonFilePath)" DestinationFiles="$(LibDirectory)\package.json" />
+    </Target>
 
+    <Target Name="CompileTests" DependsOnTargets="CleanTests;NpmInstall-RepoDirectory">
+        <Message Text="Compiling tests" />
+        <Exec Command="npx tsc --outDir &quot;$(TestStagingDirectory)&quot;"  WorkingDirectory="$(TestDirectory)" />
+    </Target>
+
+    <Target
+        Name="NpmInstall-LibDirectory"
+        Inputs="$(LibDirectory)"
+        Outputs="$(LibDirectory)\node_modules"
+        Condition=" '$(NpmInstall)' == 'true' AND ('$(ForceNpmInstall)' == 'true' OR EXISTS('$(LibDirectory)\node_modules') != 'true') ">
         <Message Text="Installing npm packages staging directory: $(StagingDirectory)..." />
         <Exec Command="npm install --production" WorkingDirectory="$(StagingDirectory)" />
-
-        <RemoveDir Directories="$(StagingNodeModulesBinDirectory)" Condition=" Exists('$(StagingNodeModulesBinDirectory)') " />
-        <Delete Files="$(StagingPackageLockJsonFilePath)" Condition=" Exists('$(StagingPackageLockJsonFilePath)') " />
-        <Delete Files="$(RepoDirectory)/package-lock.json" Condition=" Exists('$(RepoDirectory)/package-lock.json') " />
     </Target>
 
     <Target Name="Stage" DependsOnTargets="NpmInstall-LibDirectory">
+        <PropertyGroup>
+            <StagingNodeModulesBinDirectory>$(LibNodeModulesDirectory)\.bin</StagingNodeModulesBinDirectory>
+            <StagingPackageLockJsonFilePath>$(LibNodeModulesDirectory)\.package-lock.json</StagingPackageLockJsonFilePath>
+        </PropertyGroup>
+
         <Message Text="Staging extension files to directory: $(StagingDirectory)" />
 
+        <RemoveDir Directories="$(StagingNodeModulesBinDirectory)" Condition=" Exists('$(StagingNodeModulesBinDirectory)') " />
+        <Delete Files="$(StagingPackageLockJsonFilePath)" Condition=" Exists('$(StagingPackageLockJsonFilePath)') " />
+        <Delete Files="$(RepoDirectory)/package-lock.json" Condition=" Exists('$(RepoDirectory)/package-lock.json') " />
+
         <!-- Copy the Extension files -->
         <Copy SourceFiles="$(ExtensionManifestFilePath)" DestinationFiles="$(StagedExtensionManifestFilePath)" />
         <Copy SourceFiles="$(ExtensionIconFilePath)" DestinationFiles="$(StagingDirectory)\icon.png" />
@@ -203,6 +236,22 @@
 
     </Target>
 
+    <Target Name="CopyTestHelpers" DependsOnTargets="CompileTests;Stage-BuildTask">
+        <Message Text="Copy Test Helper files to: $(TestStagingDirectory)" />
+
+        <ItemGroup>
+            <TestHelperFiles Include="$(TestDirectory)\**\*.json" />
+        </ItemGroup>
+
+        <Copy SourceFiles="$(BuildTaskSourceFolder)\task.json" DestinationFiles="$(TestStagingDirectory)\task.json" />
+        <Copy SourceFiles="@(TestHelperFiles)" DestinationFolder="$(TestStagingDirectory)\%(RecursiveDir)" SkipUnchangedFiles="true" />
+    </Target>
+
+    <Target Name="Test" Condition=" '$(RunTests)' == 'true' " DependsOnTargets="CopyTestHelpers">
+        <Message Text="Compiling Microsoft Security DevOps for Azure DevOps Extension" />
+        <Exec Command="npx mocha **/*.tests.js" WorkingDirectory="$(TestStagingDirectory)" />
+    </Target>
+
     <Target Name="Ext-Prep" Condition=" '$(Configuration)' == 'debug' ">
         <Message Text="Updating publisher information..." />
         <Exec Command="&quot;$(PowerShellExe)&quot; -NonInteractive -NoProfile -ExecutionPolicy Unrestricted -Command &quot;&amp; { &amp; '$(SetPublisherInfoScriptPath)' -ManifestPath '$(StagedExtensionManifestFilePath)' -StagingDirectory '$(StagingDirectory)' -PublishersDirectory '$(PublishersDirectory)' -PublisherName '$(PublisherName)' } &quot;" />
@@ -224,7 +273,7 @@
             WorkingDirectory="$(StagingDirectory)" />
     </Target>
 
-    <Target Name="Build" DependsOnTargets="ValidateConfiguration;Compile;Stage;Ext-Build"></Target>
+    <Target Name="Build" DependsOnTargets="ValidateConfiguration;Compile;Stage;Test;Ext-Build"></Target>
 
     <Target Name="Ext-GetRollbackVersion">
         <Message Text="Getting rollback extension version..." />

diff --git a/package.json b/package.json
@@ -0,0 +1,31 @@
+{
+    "name": "microsoft-security-devops-azdevops",
+    "version": "1.7.2",
+    "description": "Microsoft Security DevOps for Azure DevOps.",
+    "author": "Microsoft Corporation",
+    "license": "MIT",
+    "repository": "https://github.com/microsoft/microsoft-security-devops-azdevops",
+    "scripts": {
+        "build": "dotnet build ./build.proj",
+        "compile": "dotnet build ./build.proj /t:Compile",
+        "compile-tests": "dotnet build ./build.proj /t:CopyTestHelpers",
+        "compile-and-test": "dotnet build ./build.proj /t:Test /p:RunTests=true",
+        "test": "npx mocha **/*.tests.js"
+    },
+    "dependencies": {
+        "@microsoft/security-devops-azdevops-task-lib": "1.7.2",
+        "azure-pipelines-task-lib": "4.3.1",
+        "azure-pipelines-tool-lib": "2.0.4"
+    },
+    "devDependencies": {
+        "@types/mocha": "^10.0.1",
+        "@types/mockery": "^1.4.30",
+        "@types/node": "^20.3.1",
+        "@types/q": "^1.5.5",
+        "@types/sinon": "^10.0.15",
+        "mocha": "^10.2.0",
+        "sinon": "^15.2.0",
+        "tfx-cli": "^0.15.0",
+        "typescript": "^5.1.3"
+    }
+}
diff --git a/scripts/ConvertTo-Hashtable.psm1 b/scripts/ConvertTo-Hashtable.psm1
@@ -117,4 +117,4 @@ Function ConvertTo-Hashtable
 Export-ModuleMember -Function @(
     'ConvertTo-Hashtable',
     'Convert-HashtablesInArrays'
-)
+)
diff --git a/scripts/Get-ExtensionVersion.ps1 b/scripts/Get-ExtensionVersion.ps1
@@ -6,4 +6,4 @@ Param
 )
 
 $extensionJson = Get-Content -Path $FilePath -Raw | ConvertFrom-Json
-Write-Output $extensionJson.version
+Write-Output $extensionJson.version
diff --git a/scripts/Set-PublisherInfo.ps1 b/scripts/Set-PublisherInfo.ps1
@@ -224,4 +224,4 @@ $manifest.publisher = $publisherInfo.publisher
 $manifest | ConvertTo-Json -Depth 99 | Out-File -Encoding utf8 -Force -FilePath $ManifestPath
 Write-Host "Manifest file updated with info for publisher: $($publisherInfo.publisher)"
 
-& $updateExtensionVersionFilePath -FilePath $ManifestPath -Rev -Count $publisherInfo.count
+& $updateExtensionVersionFilePath -FilePath $ManifestPath -Rev -Count $publisherInfo.count
diff --git a/scripts/Test-VersionString.psm1 b/scripts/Test-VersionString.psm1
@@ -174,4 +174,4 @@ Export-ModuleMember -Function @(
     'Test-VersionString',
     'Get-VersionFromString',
     'Test-LatestVersionString'
-)
+)
diff --git a/scripts/Update-BuildTaskVersion.ps1 b/scripts/Update-BuildTaskVersion.ps1
@@ -80,4 +80,4 @@ Get-Content -Path $FilePath | ForEach-Object {
     $lines += $line
 }
 
-[System.IO.File]::WriteAllLines($FilePath, $lines)
+[System.IO.File]::WriteAllLines($FilePath, $lines)
diff --git a/scripts/Update-BuildTaskVersions.ps1 b/scripts/Update-BuildTaskVersions.ps1
@@ -74,4 +74,4 @@ Get-ChildItem -Path $targetDirectory -Include @('task.json', 'task.loc.json', 't
             break
         }
     }
-}
+}
-Original file line number
+Diff line change
@@ Expand Up @@
                 break
             }
         }
-    }
+    }