Imported Upstream version 6.12.0.98

Former-commit-id: 066e1c5ebb0cc420bd293e60a01325420779fdd1
2020-09-12 08:45:37 +00:00
parent 15e620f34f
commit 7d4706c3d7
196 changed files with 12053 additions and 764 deletions
--- a/external/llvm-project/eng/common/templates/job/execute-sdl.yml
+++ b/external/llvm-project/eng/common/templates/job/execute-sdl.yml
@@ -0,0 +1,91 @@
+parameters:
+  enable: 'false'                                             # Whether the SDL validation job should execute or not
+  overrideParameters: ''                                       # Optional: to override values for parameters.
+  additionalParameters: ''                                     # Optional: parameters that need user specific values eg: '-SourceToolsList @("abc","def") -ArtifactToolsList @("ghi","jkl")'
+  # There is some sort of bug (has been reported) in Azure DevOps where if this parameter is named
+  # 'continueOnError', the parameter value is not correctly picked up.
+  # This can also be remedied by the caller (post-build.yml) if it does not use a nested parameter
+  sdlContinueOnError: false                                    # optional: determines whether to continue the build if the step errors;
+  downloadArtifacts: true                                      # optional: determines if the artifacts should be dowloaded
+  dependsOn: ''                                                # Optional: dependencies of the job
+  artifactNames: ''                                            # Optional: patterns supplied to DownloadBuildArtifacts
+                                                               # Usage:
+                                                               #  artifactNames:
+                                                               #    - 'BlobArtifacts'
+                                                               #    - 'Artifacts_Windows_NT_Release'
+
+jobs:
+- job: Run_SDL
+  dependsOn: ${{ parameters.dependsOn }}
+  displayName: Run SDL tool
+  condition: eq( ${{ parameters.enable }}, 'true')
+  variables:
+    - group: DotNet-VSTS-Bot
+    - name: AzDOProjectName
+      value: $[ dependencies.setupMaestroVars.outputs['setReleaseVars.AzDOProjectName'] ]
+    - name: AzDOPipelineId
+      value: $[ dependencies.setupMaestroVars.outputs['setReleaseVars.AzDOPipelineId'] ]
+    - name: AzDOBuildId
+      value: $[ dependencies.setupMaestroVars.outputs['setReleaseVars.AzDOBuildId'] ]
+  pool:
+    name: Hosted VS2017
+  steps:
+  - checkout: self
+    clean: true
+  - ${{ if ne(parameters.downloadArtifacts, 'false')}}:
+    - ${{ if ne(parameters.artifactNames, '') }}:
+      - ${{ each artifactName in parameters.artifactNames }}:
+        - task: DownloadBuildArtifacts@0
+          displayName: Download Build Artifacts
+          inputs:
+            buildType: specific
+            buildVersionToDownload: specific
+            project: $(AzDOProjectName)
+            pipeline: $(AzDOPipelineId)
+            buildId: $(AzDOBuildId)
+            artifactName: ${{ artifactName }}
+            downloadPath: $(Build.ArtifactStagingDirectory)\artifacts
+    - ${{ if eq(parameters.artifactNames, '') }}:
+      - task: DownloadBuildArtifacts@0
+        displayName: Download Build Artifacts
+        inputs:
+          buildType: specific
+          buildVersionToDownload: specific
+          project: $(AzDOProjectName)
+          pipeline: $(AzDOPipelineId)
+          buildId: $(AzDOBuildId)
+          downloadType: specific files
+          itemPattern: "**"
+          downloadPath: $(Build.ArtifactStagingDirectory)\artifacts
+  - powershell: eng/common/sdl/extract-artifact-packages.ps1
+      -InputPath $(Build.ArtifactStagingDirectory)\artifacts\BlobArtifacts
+      -ExtractPath $(Build.ArtifactStagingDirectory)\artifacts\BlobArtifacts
+    displayName: Extract Blob Artifacts
+    continueOnError: ${{ parameters.sdlContinueOnError }}
+  - powershell: eng/common/sdl/extract-artifact-packages.ps1
+      -InputPath $(Build.ArtifactStagingDirectory)\artifacts\PackageArtifacts
+      -ExtractPath $(Build.ArtifactStagingDirectory)\artifacts\PackageArtifacts
+    displayName: Extract Package Artifacts
+    continueOnError: ${{ parameters.sdlContinueOnError }}
+  - task: NuGetToolInstaller@1
+    displayName: 'Install NuGet.exe'
+  - task: NuGetCommand@2
+    displayName: 'Install Guardian'
+    inputs:
+      restoreSolution: $(Build.SourcesDirectory)\eng\common\sdl\packages.config
+      feedsToUse: config
+      nugetConfigPath: $(Build.SourcesDirectory)\eng\common\sdl\NuGet.config
+      externalFeedCredentials: GuardianConnect
+      restoreDirectory: $(Build.SourcesDirectory)\.packages
+  - ${{ if ne(parameters.overrideParameters, '') }}:
+    - powershell: eng/common/sdl/execute-all-sdl-tools.ps1 ${{ parameters.overrideParameters }}
+      displayName: Execute SDL
+      continueOnError: ${{ parameters.sdlContinueOnError }}
+  - ${{ if eq(parameters.overrideParameters, '') }}:
+    - powershell: eng/common/sdl/execute-all-sdl-tools.ps1
+        -GuardianPackageName Microsoft.Guardian.Cli.win10-x64.0.20.1
+        -NugetPackageDirectory $(Build.SourcesDirectory)\.packages
+        -AzureDevOpsAccessToken $(dn-bot-dotnet-build-rw-code-rw)
+        ${{ parameters.additionalParameters }}
+      displayName: Execute SDL
+      continueOnError: ${{ parameters.sdlContinueOnError }}