Port SBOM generation to v3.x/ps7 (#725)

Francisco-Gamino · web-flow · commit bce3a1b1d5fa · 2021-12-27T15:07:49.000-08:00
* Add SBOM generation as part of the build process (#716) * Add SBOM task to generate manifest * Update pipeline to generate manifest * Update VM pool and images name (#718) * Generate SBOM only for release builds (#720) * Generate SBOM only for release builds * Simplify the logic to determine if this is a release build * Simplify logic to upload the nuget package for integration testing * Obtain the branch name from BuildSourceBranch (#728) * Update task condition boolean values to include single quotes (#731)
diff --git a/azure-pipelines.yml b/azure-pipelines.yml
@@ -10,25 +10,49 @@
 strategy:
   matrix:
     linux:
-      imageName: 'ubuntu-latest'
+      imageName: 'MMSUbuntu20.04TLS'
     windows:
-      imageName: 'vs2017-win2016'
+      imageName: 'MMS2019TLS'
 
 pool:
+    name: '1ES-Hosted-AzFunc'
     vmImage: $(imageName)
 
 variables:
   Configuration: Release
   buildNumber: $[ counter('build', 400) ] # Start higher than our AppVeyor versions. Every build (pr or branch) will increment.
 
 steps:
+- pwsh: |
+    $releaseBranches = @('v4.x/ps7.2', 'v4.x/ps7.0', 'v3.x/ps7', 'v3.x/ps6', 'v2.x')
+
+    Write-Host "BuildSourceBranch: $($env:BuildSourceBranch)"
+    $branchName = $env:BuildSourceBranch.Replace("refs/heads/", "")
+    Write-Host "BranchName: $branchName"
+
+    $isReleaseBuild = ($releaseBranches -contains $branchName)
+    Write-Host "##vso[task.setvariable variable=IsReleaseBuild]$isReleaseBuild"
+    Write-Host "IsReleaseBuild: $isReleaseBuild"
+  displayName: 'Set IsReleaseBuild variable'
+  env:
+    BuildSourceBranch: $(Build.SourceBranch)
+
 - pwsh: ./build.ps1 -NoBuild -Bootstrap
   displayName: 'Running ./build.ps1 -NoBuild -Bootstrap'
 
 - pwsh: |
       $ErrorActionPreference = "Stop"
-      ./build.ps1 -Clean -Configuration Release -BuildNumber "$(buildNumber)"
+      if ($isReleaseBuild)
+      {
+        ./build.ps1 -Clean -Configuration Release -BuildNumber "$(buildNumber)" -AddSBOM -SBOMUtilSASUrl $env:SBOMUtilSASUrl
+      }
+      else
+      {
+        ./build.ps1 -Clean -Configuration Release -BuildNumber "$(buildNumber)"
+      }
   displayName: 'Build worker code'
+  env:
+    SBOMUtilSASUrl: $(SBOMUtilSASUrl)
 
 - pwsh: ./build.ps1 -NoBuild -Test
   displayName: 'Running UnitTest'
@@ -57,18 +81,8 @@ steps:
     TargetFolder: '$(Build.ArtifactStagingDirectory)'
   displayName: 'Copy package to artifacts directory'
 
-- pwsh: |
-    $uploadPackage = $null
-    if (-not ([bool]::TryParse($env:UPLOADPACKAGETOPRERELEASEFEED, [ref] $uploadPackage)))
-    {
-      throw "UploadPackageToPreReleaseFeed can only be set to True or False. Current value is set to $env:UPLOADPACKAGETOPRERELEASEFEED"
-    }
-    Write-Host "##vso[task.setvariable variable=UploadPackage]$uploadPackage"
-    Write-Host "UploadPackage: $uploadPackage"
-  displayName: 'Set UploadPackage variable'
-
 - task: NuGetCommand@2
-  condition: and(ne(variables['Build.Reason'], 'PullRequest'), in(variables['Build.SourceBranch'], 'refs/heads/v3.x/ps7', 'refs/heads/v3.x/ps6', 'refs/heads/v2.x'), eq(variables.UploadPackage, false))
+  condition: and(ne(variables['Build.Reason'], 'PullRequest'), eq(variables['IsReleaseBuild'], 'true'), eq(variables['UPLOADPACKAGETOPRERELEASEFEED'], 'false'))
   inputs:
     command: 'push'
     packagesToPush: '$(Build.ArtifactStagingDirectory)/**/*.nupkg;!$(Build.ArtifactStagingDirectory)/**/*.symbols.nupkg'
@@ -78,7 +92,7 @@ steps:
   displayName: 'Push NuGet package'
 
 - task: NuGetCommand@2
-  condition: eq(variables.UploadPackage, true)
+  condition: eq(variables['UPLOADPACKAGETOPRERELEASEFEED'], 'true')
   inputs:
     command: 'push'
     packagesToPush: '$(Build.ArtifactStagingDirectory)/**/*.nupkg;!$(Build.ArtifactStagingDirectory)/**/*.symbols.nupkg'
diff --git a/build.ps1 b/build.ps1
@@ -28,7 +28,13 @@ param(
     $Configuration = "Debug",
 
     [string]
-    $BuildNumber = '0'
+    $BuildNumber = '0',
+
+    [switch]
+    $AddSBOM,
+
+    [string]
+    $SBOMUtilSASUrl
 )
 
 #Requires -Version 6.0
@@ -62,6 +68,35 @@ function Get-FunctionsCoreToolsDir {
     }
 }
 
+function Install-SBOMUtil
+{
+    if ([string]::IsNullOrEmpty($SBOMUtilSASUrl))
+    {
+        throw "The `$SBOMUtilSASUrl parameter cannot be null or empty when specifying the `$AddSBOM switch"
+    }
+
+    $MANIFESTOOLNAME = "ManifestTool"
+    Write-Host "Installing $MANIFESTOOLNAME..."
+
+    $MANIFESTOOL_DIRECTORY = Join-Path $PSScriptRoot $MANIFESTOOLNAME
+    Remove-Item -Recurse -Force $MANIFESTOOL_DIRECTORY -ErrorAction Ignore
+
+    Invoke-RestMethod -Uri $SBOMUtilSASUrl -OutFile "$MANIFESTOOL_DIRECTORY.zip"
+    Expand-Archive "$MANIFESTOOL_DIRECTORY.zip" -DestinationPath $MANIFESTOOL_DIRECTORY
+
+    $dllName = "Microsoft.ManifestTool.dll"
+    $manifestToolPath = "$MANIFESTOOL_DIRECTORY/$dllName"
+
+    if (-not (Test-Path $manifestToolPath))
+    {
+        throw "$MANIFESTOOL_DIRECTORY does not contain '$dllName'"
+    }
+
+    Write-Host 'Done.'
+
+    return $manifestToolPath
+}
+
 function Deploy-PowerShellWorker {
     $ErrorActionPreference = 'Stop'
 
@@ -140,6 +175,29 @@ if (!$NoBuild.IsPresent) {
         -OutFile "$PSScriptRoot/src/Modules/Microsoft.PowerShell.Management/Microsoft.PowerShell.Management.psd1" 
 
     dotnet publish -c $Configuration "/p:BuildNumber=$BuildNumber" $PSScriptRoot
+
+    if ($AddSBOM)
+    {
+        # Install manifest tool
+        $manifestTool = Install-SBOMUtil
+        Write-Log "manifestTool: $manifestTool "
+
+        # Generate manifest
+        $buildPath = "$PSScriptRoot/src/bin/$Configuration/$TargetFramework/publish"
+        $telemetryFilePath = Join-Path $PSScriptRoot ((New-Guid).Guid + ".json")
+        $packageName = "Microsoft.Azure.Functions.PowerShellWorker.nuspec"
+
+        # Delete the manifest folder if it exists
+        $manifestFolderPath = Join-Path $buildPath "_manifest"
+        if (Test-Path $manifestFolderPath)
+        {
+            Remove-Item $manifestFolderPath -Recurse -Force -ErrorAction Ignore
+        }
+
+        Write-Log "Running: dotnet $manifestTool generate -BuildDropPath $buildPath -BuildComponentPath $buildPath -Verbosity Information -t $telemetryFilePath"
+        & { dotnet $manifestTool generate -BuildDropPath $buildPath -BuildComponentPath $buildPath -Verbosity Information -t $telemetryFilePath -PackageName $packageName }
+    }
+
     dotnet pack -c $Configuration "/p:BuildNumber=$BuildNumber" "$PSScriptRoot/package"
 }
 
diff --git a/tools/helper.psm1 b/tools/helper.psm1
@@ -11,8 +11,8 @@ $RepoRoot = (Resolve-Path "$PSScriptRoot/..").Path
 $DotnetSDKVersionRequirements = @{
     # We need .NET SDK 3.1 for running the tests, as we still build against the 3.1 framework
     '3.1' = @{
-        MinimalPatch = '412'
-        DefaultPatch = '412'
+        MinimalPatch = '415'
+        DefaultPatch = '415'
     }
     # We need .NET SDK 5.0 for the updated C# compiler
     '5.0' = @{
