Skip to content

Commit c802862

Browse files
wanlonghenrywanlonghenry
authored
Pipeline scanner and drop adjustment (#1453)
* add AcceptableOutdatedSignatureInHours * Update ci-arc-k8s-extension-prod-release.yaml for Azure Pipelines * Update ci-aks-prod-release.yaml for Azure Pipelines * Update ci-arc-k8s-extension-prod-release.yaml for Azure Pipelines * Update ci-aks-prod-release.yaml for Azure Pipelines * update * Update ci-aks-prod-release.yaml for Azure Pipelines
1 parent 0d5ca4a commit c802862

File tree

3 files changed

+34
-45
lines changed

3 files changed

+34
-45
lines changed

.pipelines/azure_pipeline_mergedbranches.yaml

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -870,4 +870,5 @@ extends:
870870
InputType: Basic
871871
ScanType: CustomScan
872872
FileDirPath: '$(Build.ArtifactStagingDirectory)'
873-
DisableRemediation: false
873+
DisableRemediation: false
874+
AcceptableOutdatedSignatureInHours: 72

.pipelines/ci-aks-prod-release.yaml

Lines changed: 20 additions & 26 deletions
Original file line numberDiff line numberDiff line change
@@ -98,14 +98,13 @@ stages:
9898
- task: DownloadPipelineArtifact@2
9999
displayName: ⏬ Pipeline Artifact Download
100100
inputs:
101-
artifactName: ev2Artifact
102101
buildType: specific
103-
project: $(resources.pipeline._ci-arc-k8s-extension-prod-release.projectID)
104-
definition: $(resources.pipeline._ci-arc-k8s-extension-prod-release.pipelineID)
102+
project: $(resources.pipeline._ci-aks-prod-release.projectID)
103+
definition: $(resources.pipeline._ci-aks-prod-release.pipelineID)
105104
allowFailedBuilds: false
106105
buildVersionToDownload: specific
107-
pipelineId: $(resources.pipeline._ci-arc-k8s-extension-prod-release.runID)
108-
pipeline: _ci-arc-k8s-extension-prod-release
106+
pipelineId: $(resources.pipeline._ci-aks-prod-release.runID)
107+
pipeline: _ci-aks-prod-release
109108
target:
110109
container: host
111110
- task: [email protected]
@@ -305,14 +304,13 @@ stages:
305304
- task: DownloadPipelineArtifact@2
306305
displayName: ⏬ Pipeline Artifact Download
307306
inputs:
308-
artifactName: ev2Artifact
309307
buildType: specific
310-
project: $(resources.pipeline._ci-arc-k8s-extension-prod-release.projectID)
311-
definition: $(resources.pipeline._ci-arc-k8s-extension-prod-release.pipelineID)
308+
project: $(resources.pipeline._ci-aks-prod-release.projectID)
309+
definition: $(resources.pipeline._ci-aks-prod-release.pipelineID)
312310
allowFailedBuilds: false
313311
buildVersionToDownload: specific
314-
pipelineId: $(resources.pipeline._ci-arc-k8s-extension-prod-release.runID)
315-
pipeline: _ci-arc-k8s-extension-prod-release
312+
pipelineId: $(resources.pipeline._ci-aks-prod-release.runID)
313+
pipeline: _ci-aks-prod-release
316314
targetPath: $(Pipeline.Workspace)/ev2Artifact
317315
target:
318316
container: host
@@ -324,7 +322,7 @@ stages:
324322
env:
325323
SBOMVALIDATOR_TEMPIGNOREMISSING: true
326324
inputs:
327-
BuildDropPath: $(Pipeline.Workspace)/ev2Artifact
325+
BuildDropPath: $(Pipeline.Workspace)/ev2Artifact/linux-drop
328326
OutputPath: $(Agent.TempDirectory)/sbom_validation_results.json
329327
ValidateSignature: True
330328
Verbosity: 'Verbose'
@@ -345,7 +343,7 @@ stages:
345343
target:
346344
container: host
347345
env:
348-
BuildDropPath: $(Pipeline.Workspace)/ev2Artifact
346+
BuildDropPath: $(Pipeline.Workspace)/ev2Artifact/linux-drop
349347
IsProduction: True
350348
OneES_ArtifactType: $(DownloadPipelineArtifactResourceTypes)
351349
inputs:
@@ -387,7 +385,6 @@ stages:
387385
displayName: Set CDPX Linux Tag
388386
inputs:
389387
targetType: inline
390-
filePath: $(System.DefaultWorkingDirectory)/_docker-provider-Official-ci_dev/drop
391388
script: |
392389
# Write your commands here
393390
@@ -397,13 +394,12 @@ stages:
397394
set +x
398395
echo "##vso[task.setvariable variable=CDPXLinuxTag;]$LINUX_TAG"
399396
set -x
400-
workingDirectory: $(System.DefaultWorkingDirectory)/_ContainerInsights-MultiArch-MergedBranches/drop/linux/
397+
workingDirectory: $(Pipeline.Workspace)/ev2Artifact/linux-drop/linux
401398
failOnStderr: true
402399
- task: Bash@3
403400
displayName: Set CDPX Windows Tag
404401
inputs:
405402
targetType: inline
406-
filePath: $(System.DefaultWorkingDirectory)/_docker-provider-Official-ci_dev/drop
407403
script: |+
408404
# Write your commands here
409405
@@ -414,7 +410,7 @@ stages:
414410
echo "##vso[task.setvariable variable=CDPXWindowsTag;]$WINDOWS_TAG"
415411
set -x
416412
417-
workingDirectory: $(System.DefaultWorkingDirectory)/_ContainerInsights-MultiArch-MergedBranches/drop/windows/
413+
workingDirectory: $(Pipeline.Workspace)/ev2Artifact/windows-drop/windows
418414
failOnStderr: true
419415
- task: vsrm-ev2.vss-services-ev2.adm-release-task.ExpressV2Internal@1
420416
inputs:
@@ -546,14 +542,13 @@ stages:
546542
- task: DownloadPipelineArtifact@2
547543
displayName: ⏬ Pipeline Artifact Download
548544
inputs:
549-
artifactName: ev2Artifact
550545
buildType: specific
551-
project: $(resources.pipeline._ci-arc-k8s-extension-prod-release.projectID)
552-
definition: $(resources.pipeline._ci-arc-k8s-extension-prod-release.pipelineID)
546+
project: $(resources.pipeline._ci-aks-prod-release.projectID)
547+
definition: $(resources.pipeline._ci-aks-prod-release.pipelineID)
553548
allowFailedBuilds: false
554549
buildVersionToDownload: specific
555-
pipelineId: $(resources.pipeline._ci-arc-k8s-extension-prod-release.runID)
556-
pipeline: _ci-arc-k8s-extension-prod-release
550+
pipelineId: $(resources.pipeline._ci-aks-prod-release.runID)
551+
pipeline: _ci-aks-prod-release
557552
target:
558553
container: host
559554
- task: AzureArtifacts.drop-validator-task.drop-validator-task.DropValidatorTask@0
@@ -823,14 +818,13 @@ stages:
823818
- task: DownloadPipelineArtifact@2
824819
displayName: ⏬ Pipeline Artifact Download
825820
inputs:
826-
artifactName: ev2Artifact
827821
buildType: specific
828-
project: $(resources.pipeline._ci-arc-k8s-extension-prod-release.projectID)
829-
definition: $(resources.pipeline._ci-arc-k8s-extension-prod-release.pipelineID)
822+
project: $(resources.pipeline._ci-aks-prod-release.projectID)
823+
definition: $(resources.pipeline._ci-aks-prod-release.pipelineID)
830824
allowFailedBuilds: false
831825
buildVersionToDownload: specific
832-
pipelineId: $(resources.pipeline._ci-arc-k8s-extension-prod-release.runID)
833-
pipeline: _ci-arc-k8s-extension-prod-release
826+
pipelineId: $(resources.pipeline._ci-aks-prod-release.runID)
827+
pipeline: _ci-aks-prod-release
834828
target:
835829
container: host
836830
- task: [email protected]

.pipelines/ci-arc-k8s-extension-prod-release.yaml

Lines changed: 12 additions & 18 deletions
Original file line numberDiff line numberDiff line change
@@ -179,7 +179,6 @@ stages:
179179
- task: DownloadPipelineArtifact@2
180180
displayName: ⏬ Pipeline Artifact Download
181181
inputs:
182-
artifactName: ev2Artifact
183182
buildType: specific
184183
project: $(resources.pipeline._ci-arc-k8s-extension-prod-release.projectID)
185184
definition: $(resources.pipeline._ci-arc-k8s-extension-prod-release.pipelineID)
@@ -198,7 +197,7 @@ stages:
198197
env:
199198
SBOMVALIDATOR_TEMPIGNOREMISSING: true
200199
inputs:
201-
BuildDropPath: $(Pipeline.Workspace)/ev2Artifact
200+
BuildDropPath: $(Pipeline.Workspace)/ev2Artifact/linux-drop
202201
OutputPath: $(Agent.TempDirectory)/sbom_validation_results.json
203202
ValidateSignature: True
204203
Verbosity: 'Verbose'
@@ -219,7 +218,7 @@ stages:
219218
target:
220219
container: host
221220
env:
222-
BuildDropPath: $(Pipeline.Workspace)/ev2Artifact
221+
BuildDropPath: $(Pipeline.Workspace)/ev2Artifact/linux-drop
223222
IsProduction: True
224223
OneES_ArtifactType: $(DownloadPipelineArtifactResourceTypes)
225224
inputs:
@@ -443,7 +442,6 @@ stages:
443442
- task: DownloadPipelineArtifact@2
444443
displayName: ⏬ Pipeline Artifact Download
445444
inputs:
446-
artifactName: ev2Artifact
447445
buildType: specific
448446
project: $(resources.pipeline._ci-arc-k8s-extension-prod-release.projectID)
449447
definition: $(resources.pipeline._ci-arc-k8s-extension-prod-release.pipelineID)
@@ -462,7 +460,7 @@ stages:
462460
env:
463461
SBOMVALIDATOR_TEMPIGNOREMISSING: true
464462
inputs:
465-
BuildDropPath: $(Pipeline.Workspace)/ev2Artifact
463+
BuildDropPath: $(Pipeline.Workspace)/ev2Artifact/linux-drop
466464
OutputPath: $(Agent.TempDirectory)/sbom_validation_results.json
467465
ValidateSignature: True
468466
Verbosity: 'Verbose'
@@ -483,7 +481,7 @@ stages:
483481
target:
484482
container: host
485483
env:
486-
BuildDropPath: $(Pipeline.Workspace)/ev2Artifact
484+
BuildDropPath: $(Pipeline.Workspace)/ev2Artifact/linux-drop
487485
IsProduction: True
488486
OneES_ArtifactType: $(DownloadPipelineArtifactResourceTypes)
489487
inputs:
@@ -708,7 +706,6 @@ stages:
708706
- task: DownloadPipelineArtifact@2
709707
displayName: ⏬ Pipeline Artifact Download
710708
inputs:
711-
artifactName: ev2Artifact
712709
buildType: specific
713710
project: $(resources.pipeline._ci-arc-k8s-extension-prod-release.projectID)
714711
definition: $(resources.pipeline._ci-arc-k8s-extension-prod-release.pipelineID)
@@ -727,7 +724,7 @@ stages:
727724
env:
728725
SBOMVALIDATOR_TEMPIGNOREMISSING: true
729726
inputs:
730-
BuildDropPath: $(Pipeline.Workspace)/ev2Artifact
727+
BuildDropPath: $(Pipeline.Workspace)/ev2Artifact/linux-drop
731728
OutputPath: $(Agent.TempDirectory)/sbom_validation_results.json
732729
ValidateSignature: True
733730
Verbosity: 'Verbose'
@@ -748,7 +745,7 @@ stages:
748745
target:
749746
container: host
750747
env:
751-
BuildDropPath: $(Pipeline.Workspace)/ev2Artifact
748+
BuildDropPath: $(Pipeline.Workspace)/ev2Artifact/linux-drop
752749
IsProduction: True
753750
OneES_ArtifactType: $(DownloadPipelineArtifactResourceTypes)
754751
inputs:
@@ -973,7 +970,6 @@ stages:
973970
- task: DownloadPipelineArtifact@2
974971
displayName: ⏬ Pipeline Artifact Download
975972
inputs:
976-
artifactName: ev2Artifact
977973
buildType: specific
978974
project: $(resources.pipeline._ci-arc-k8s-extension-prod-release.projectID)
979975
definition: $(resources.pipeline._ci-arc-k8s-extension-prod-release.pipelineID)
@@ -992,7 +988,7 @@ stages:
992988
env:
993989
SBOMVALIDATOR_TEMPIGNOREMISSING: true
994990
inputs:
995-
BuildDropPath: $(Pipeline.Workspace)/ev2Artifact
991+
BuildDropPath: $(Pipeline.Workspace)/ev2Artifact/linux-drop
996992
OutputPath: $(Agent.TempDirectory)/sbom_validation_results.json
997993
ValidateSignature: True
998994
Verbosity: 'Verbose'
@@ -1013,7 +1009,7 @@ stages:
10131009
target:
10141010
container: host
10151011
env:
1016-
BuildDropPath: $(Pipeline.Workspace)/ev2Artifact
1012+
BuildDropPath: $(Pipeline.Workspace)/ev2Artifact/linux-drop
10171013
IsProduction: True
10181014
OneES_ArtifactType: $(DownloadPipelineArtifactResourceTypes)
10191015
inputs:
@@ -1238,7 +1234,6 @@ stages:
12381234
- task: DownloadPipelineArtifact@2
12391235
displayName: ⏬ Pipeline Artifact Download
12401236
inputs:
1241-
artifactName: ev2Artifact
12421237
buildType: specific
12431238
project: $(resources.pipeline._ci-arc-k8s-extension-prod-release.projectID)
12441239
definition: $(resources.pipeline._ci-arc-k8s-extension-prod-release.pipelineID)
@@ -1257,7 +1252,7 @@ stages:
12571252
env:
12581253
SBOMVALIDATOR_TEMPIGNOREMISSING: true
12591254
inputs:
1260-
BuildDropPath: $(Pipeline.Workspace)/ev2Artifact
1255+
BuildDropPath: $(Pipeline.Workspace)/ev2Artifact/linux-drop
12611256
OutputPath: $(Agent.TempDirectory)/sbom_validation_results.json
12621257
ValidateSignature: True
12631258
Verbosity: 'Verbose'
@@ -1278,7 +1273,7 @@ stages:
12781273
target:
12791274
container: host
12801275
env:
1281-
BuildDropPath: $(Pipeline.Workspace)/ev2Artifact
1276+
BuildDropPath: $(Pipeline.Workspace)/ev2Artifact/linux-drop
12821277
IsProduction: True
12831278
OneES_ArtifactType: $(DownloadPipelineArtifactResourceTypes)
12841279
inputs:
@@ -1526,7 +1521,6 @@ stages:
15261521
- task: DownloadPipelineArtifact@2
15271522
displayName: ⏬ Pipeline Artifact Download
15281523
inputs:
1529-
artifactName: ev2Artifact
15301524
buildType: specific
15311525
project: $(resources.pipeline._ci-arc-k8s-extension-prod-release.projectID)
15321526
definition: $(resources.pipeline._ci-arc-k8s-extension-prod-release.pipelineID)
@@ -1545,7 +1539,7 @@ stages:
15451539
env:
15461540
SBOMVALIDATOR_TEMPIGNOREMISSING: true
15471541
inputs:
1548-
BuildDropPath: $(Pipeline.Workspace)/ev2Artifact
1542+
BuildDropPath: $(Pipeline.Workspace)/ev2Artifact/linux-drop
15491543
OutputPath: $(Agent.TempDirectory)/sbom_validation_results.json
15501544
ValidateSignature: True
15511545
Verbosity: 'Verbose'
@@ -1566,7 +1560,7 @@ stages:
15661560
target:
15671561
container: host
15681562
env:
1569-
BuildDropPath: $(Pipeline.Workspace)/ev2Artifact
1563+
BuildDropPath: $(Pipeline.Workspace)/ev2Artifact/linux-drop
15701564
IsProduction: True
15711565
OneES_ArtifactType: $(DownloadPipelineArtifactResourceTypes)
15721566
inputs:

0 commit comments

Comments
 (0)