release/vNext (#60)

* Upgrade dependencies

* Upgrade to codeql-action v2

* Point wiki to the new codql-action v2

* Upgarde to node16 actions in samples

* Remove on PR sample build

* Consume updates to use REST API to install MSDO CLI (#55)

* v1.7.0-beta.3

* v1.7.0-beta.3 - remove dotnet install from sample pipelines

* v1.7.0-beta.3 - update defaults

* v1.7.0-beta.3 - reference exported functions

* v1.7.0-beta.3 - reference common.isNullOrWhiteSpace

* v1.7.0-beta.4 - fix lib errors

* v1.7.0 - set license

* Dev/davidknise/sample matrix os (#62)

* Update samples to use strategy matrix for multi-os verification

* Use @v1 branch in the sample repo

* v1.7.0 - use release version of actions toolkit

* Use gulp.js for building

* v1.7.0 - fix name of on push verification pipeline

* v1.7.0 - fix name of on push verification pipeline

Signed-off-by: David Knise <[email protected]>

* Rename enable-pr-annotations to enable-pr-annotations.yml

Signed-off-by: prashmo <[email protected]>
Signed-off-by: David Knise <[email protected]>

* Update README.md

Updating supported IaC files

Signed-off-by: JTT <[email protected]>
Signed-off-by: David Knise <[email protected]>

* Upgrade dependencies

Signed-off-by: David Knise <[email protected]>

* Upgrade to codeql-action v2

Signed-off-by: David Knise <[email protected]>

* Point wiki to the new codql-action v2

Signed-off-by: David Knise <[email protected]>

* Upgarde to node16 actions in samples

Signed-off-by: David Knise <[email protected]>

* Remove on PR sample build

Signed-off-by: David Knise <[email protected]>

* Add AntiMalware to README.md

Signed-off-by: David Knise <[email protected]>

* Consume updates to use REST API to install MSDO CLI (#55)

Signed-off-by: David Knise <[email protected]>

* v1.7.0-beta.3

Signed-off-by: David Knise <[email protected]>

* v1.7.0-beta.3 - remove dotnet install from sample pipelines

Signed-off-by: David Knise <[email protected]>

* v1.7.0-beta.3 - update defaults

Signed-off-by: David Knise <[email protected]>

* v1.7.0-beta.3 - reference exported functions

Signed-off-by: David Knise <[email protected]>

* v1.7.0-beta.3 - reference common.isNullOrWhiteSpace

Signed-off-by: David Knise <[email protected]>

* v1.7.0-beta.4 - fix lib errors

Signed-off-by: David Knise <[email protected]>

* v1.7.0 - set license

Signed-off-by: David Knise <[email protected]>

* Dev/davidknise/sample matrix os (#62)

* Update samples to use strategy matrix for multi-os verification

* Use @v1 branch in the sample repo

Signed-off-by: David Knise <[email protected]>

* v1.7.0 - use release version of actions toolkit

Signed-off-by: David Knise <[email protected]>

* Use gulp.js for building

Signed-off-by: David Knise <[email protected]>

* v1.7.0 - fix name of on push verification pipeline

Signed-off-by: David Knise <[email protected]>

---------

Signed-off-by: David Knise <[email protected]>
Signed-off-by: prashmo <[email protected]>
Signed-off-by: JTT <[email protected]>
Co-authored-by: Jiandong Jiang <[email protected]>
Co-authored-by: prashmo <[email protected]>
Co-authored-by: JTT <[email protected]>
Co-authored-by: Jiandong Jiang <[email protected]>

Author: 4 people

.github/workflows/enable-pr-annotations.yml

@@ -1,29 +1,25 @@
 # pull request action verification
 
-name: MSDO on-push-verification windows-latest
-on: push
+name: MSDO On Push Verification
+on:
+  push:
+    branches:
+      - '*'
 
 jobs:
   sample:
-    name: Microsoft Security DevOps Analysis
+    name: MSDO on ${{ matrix.os }}
+    runs-on: ${{ matrix.os }}
 
-    # MSDO runs on windows-latest.
-    # ubuntu-latest and macos-latest supporting coming soon
-    runs-on: windows-latest
+    strategy:
+      matrix:
+        os: [windows-latest, ubuntu-latest]
 
     steps:
 
       # Checkout your code repository to scan
     - uses: actions/checkout@v3
 
-      # Install dotnet, used by MSDO
-    - uses: actions/setup-dotnet@v3
-      with:
-        dotnet-version: |
-          3.1.x
-          5.0.x
-          6.0.x
-
       # Run analyzers
     - name: Run Microsoft Security DevOps Analysis
       uses: ./

.github/workflows/on-push-verification.yml

@@ -1,33 +1,26 @@
-name: MSDO ubuntu-latest
+name: MSDO Sample Workflow
 on:
   push:
     branches:
       - main
 
 jobs:
   sample:
-    name: Microsoft Security DevOps Analysis
+    name: MSDO on ${{ matrix.os }}
+    runs-on: ${{ matrix.os }}
 
-    # MSDO runs on windows-latest.
-    # ubuntu-latest and macos-latest supporting coming soon
-    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        os: [windows-latest, ubuntu-latest]
 
     steps:
 
       # Checkout your code repository to scan
     - uses: actions/checkout@v3
 
-      # Install dotnet, used by MSDO
-    - uses: actions/setup-dotnet@v3
-      with:
-        dotnet-version: |
-          3.1.x
-          5.0.x
-          6.0.x
-
       # Run analyzers
     - name: Run Microsoft Security DevOps Analysis
-      uses: microsoft/security-devops-action@preview
+      uses: microsoft/security-devops-action@v1
       id: msdo
 
       # Upload alerts to the Security tab

.github/workflows/sample-workflow-windows-latest.yml

@@ -0,0 +1,2 @@
+registry=https://registry.npmjs.org/
+@microsoft:registry=https://npm.pkg.github.com/

…kflows/sample-workflow-ubuntu-latest.yml .github/workflows/sample-workflow.yml.github/workflows/sample-workflow-ubuntu-latest.yml renamed to .github/workflows/sample-workflow.yml .github/workflows/sample-workflow-ubuntu-latest.yml renamed to .github/workflows/sample-workflow.yml

@@ -4,8 +4,7 @@ Microsoft Security DevOps (MSDO) is a command line application which integrates
 
 Run locally. Run remotely.
 
-![Microsoft Security DevOps windows-latest](https://github.com/microsoft/security-devops-action/workflows/MSDO%20windows-latest/badge.svg)  
-![Microsoft Security DevOps ubuntu-latest](https://github.com/microsoft/security-devops-action/workflows/MSDO%20ubuntu-latest/badge.svg)
+![Microsoft Security DevOps](https://github.com/microsoft/security-devops-action/workflows/MSDO%20Sample%20Workflow/badge.svg)  
 
 This action runs the [Microsoft Security DevOps CLI](https://aka.ms/msdo-nuget) for security analysis:
 
@@ -17,10 +16,6 @@ This action runs the [Microsoft Security DevOps CLI](https://aka.ms/msdo-nuget)
 * Normalized processing of results into the SARIF format
 * Build breaks and more
 
-# Limitations
-
-The Microsoft Security DevOps action is currently in beta and runs on the `windows-latest` queue, as well as Windows self hosted agents. `ubuntu-latest` support coming soon.
-
 # Usage
 
 See [action.yml](action.yml)
@@ -31,19 +26,12 @@ Run **Microsoft Security DevOps (MSDO)** with the default policy and recommended
 
 ```yaml
 steps:
+
 - uses: actions/checkout@v3
-- uses: actions/setup-dotnet@v3
-  with:
-    dotnet-version: |
-      5.0.x
-      6.0.x
+
 - name: Run Microsoft Security DevOps
-  uses: microsoft/security-devops-action@preview
+  uses: microsoft/security-devops-action@v1
   id: msdo
-- name: Upload results to Security tab
-  uses: github/codeql-action/upload-sarif@v2
-  with:
-    sarif_file: ${{ steps.msdo.outputs.sarifFile }}
 ```
 
 ## Upload Results to the Security tab

.npmrc

@@ -0,0 +1,24 @@
+const gulp = require('gulp');
+const shell = require('gulp-shell');
+const ts = require('gulp-typescript');
+
+const tsProject = ts.createProject('tsconfig.json');
+
+function clean(cb) {
+    import('del')
+        .then((del) => del.deleteSync(['lib']))
+        .then(() => cb());
+}
+
+function compile(cb) {
+    tsProject
+        .src()
+        .pipe(tsProject()).js
+        .pipe(gulp.dest('lib'));
+    cb();
+}
+
+exports.clean = clean;
+exports.compile = compile;
+exports.build = gulp.series(clean, compile);
+exports.default = exports.build;