Sync eng/common directory with azure-sdk-tools for PR 2686 (Azure#22971)

azure-sdk · sima-zhu · benbp · web-flow · commit 231c093fd08d · 2022-02-08T12:57:49.000-08:00
* Add common template for credscan step

* Update eng/common/pipelines/templates/steps/credscan.yml

Co-authored-by: Ben Broderick Phillips &lt;ben@benbp.net&gt;

* Update eng/common/pipelines/templates/steps/credscan.yml

Co-authored-by: Ben Broderick Phillips &lt;ben@benbp.net&gt;

* Update eng/common/pipelines/templates/steps/credscan.yml

Co-authored-by: Ben Broderick Phillips &lt;ben@benbp.net&gt;

* Update eng/common/pipelines/templates/steps/credscan.yml

Co-authored-by: Ben Broderick Phillips &lt;ben@benbp.net&gt;

* Update eng/common/pipelines/templates/steps/credscan.yml

Co-authored-by: Ben Broderick Phillips &lt;ben@benbp.net&gt;

* Update eng/common/pipelines/templates/steps/credscan.yml

Co-authored-by: Ben Broderick Phillips &lt;ben@benbp.net&gt;

* Update eng/common/pipelines/templates/steps/credscan.yml

Co-authored-by: Ben Broderick Phillips &lt;ben@benbp.net&gt;

* Update eng/common/pipelines/templates/steps/credscan.yml

Co-authored-by: Ben Broderick Phillips &lt;ben@benbp.net&gt;

* Added the source directory parameter

* Update eng/common/pipelines/templates/steps/credscan.yml

Co-authored-by: Wes Haggard &lt;weshaggard@users.noreply.github.com&gt;

* Update eng/common/pipelines/templates/steps/credscan.yml

Co-authored-by: Wes Haggard &lt;weshaggard@users.noreply.github.com&gt;

* Update eng/common/pipelines/templates/steps/credscan.yml

Co-authored-by: Wes Haggard &lt;weshaggard@users.noreply.github.com&gt;

* Update eng/common/pipelines/templates/steps/credscan.yml

Co-authored-by: Wes Haggard &lt;weshaggard@users.noreply.github.com&gt;

* Update credscan.yml

* Update eng/common/pipelines/templates/steps/credscan.yml

Co-authored-by: Wes Haggard &lt;weshaggard@users.noreply.github.com&gt;

Co-authored-by: sima-zhu &lt;sizhu@microsoft.com&gt;
Co-authored-by: Sima Zhu &lt;48036328+sima-zhu@users.noreply.github.com&gt;
Co-authored-by: Ben Broderick Phillips &lt;ben@benbp.net&gt;
Co-authored-by: Wes Haggard &lt;weshaggard@users.noreply.github.com&gt;
diff --git a/eng/common/pipelines/templates/steps/credscan.yml b/eng/common/pipelines/templates/steps/credscan.yml
@@ -0,0 +1,40 @@
+parameters:
+  SuppressionFilePath: 'eng/CredScanSuppression.json'
+  BaselineFilePath: ''
+  SourceDirectory: $(Build.SourcesDirectory)
+  ServiceDirectory: ''
+
+steps:
+- pwsh: |
+    if ("$(Build.Reason)" -eq 'PullRequest') {
+      (git diff "origin/$(System.PullRequest.TargetBranch)" HEAD --name-only)
+      | ForEach-Object { Add-Content -Path "${{ parameters.SourceDirectory }}/credscan.tsv" -Value "${{ parameters.SourceDirectory }}/$_"}
+    }
+    else {
+      Set-Content "${{ parameters.SourceDirectory }}/credscan.tsv" -Value "${{ parameters.SourceDirectory }}/sdk/${{ parameters.ServiceDirectory }}"
+    }
+    Get-Content "${{ parameters.SourceDirectory }}/credscan.tsv"
+  displayName: CredScan setup
+- task: securedevelopmentteam.vss-secure-development-tools.build-task-credscan.CredScan@2
+  displayName: CredScan running
+  inputs:
+    toolMajorVersion: V2
+    toolVersion: latest
+    scanFolder: "${{ parameters.SourceDirectory }}/credscan.tsv"
+    suppressionsFile: ${{ parameters.SuppressionFilePath }}
+- task: securedevelopmentteam.vss-secure-development-tools.build-task-postanalysis.PostAnalysis@2
+  displayName: CredScan result analysis
+  inputs:
+    GdnBreakBaselineFiles: ${{ parameters.BaselineFilePath }}
+    GdnBreakAllTools: false
+    GdnBreakGdnToolCredScan: true
+    GdnBreakGdnToolCredScanSeverity: Error
+    GdnBreakBaselines: baseline
+    # Used for generating baseline file.
+    # GdnBreakOutputBaselineFile: dotnet
+    # GdnBreakOutputBaseline: baseline
+  condition: succeededOrFailed()
+- pwsh: |
+    Write-Host "Please check https://aka.ms/azsdk/credscan for more information about the cred scan failure."
+  displayName: CredScan troubleshooting guide
+  condition: failed()
