Skip to content

Commit 48f3eaf

Browse files
jkoritzinskyjkoritzinsky
authored
Don't manually run SDL checks that 1ES pipelines inject when using 1ES pipelines (#14872)
1 parent df3f1c4 commit 48f3eaf

File tree

3 files changed

+30
-22
lines changed

3 files changed

+30
-22
lines changed

eng/common/core-templates/job/job.yml

Lines changed: 3 additions & 21 deletions
Original file line numberDiff line numberDiff line change
@@ -24,12 +24,11 @@ parameters:
2424
enablePublishTestResults: false
2525
enablePublishUsingPipelines: false
2626
enableBuildRetry: false
27-
disableComponentGovernance: ''
28-
componentGovernanceIgnoreDirectories: ''
2927
mergeTestResults: false
3028
testRunTitle: ''
3129
testResultsFormat: ''
3230
name: ''
31+
componentGovernanceSteps: []
3332
preSteps: []
3433
artifactPublishSteps: []
3534
runAsPublic: false
@@ -170,17 +169,8 @@ jobs:
170169
uploadRichNavArtifacts: ${{ coalesce(parameters.richCodeNavigationUploadArtifacts, false) }}
171170
continueOnError: true
172171

173-
- template: /eng/common/core-templates/steps/component-governance.yml
174-
parameters:
175-
is1ESPipeline: ${{ parameters.is1ESPipeline }}
176-
${{ if eq(parameters.disableComponentGovernance, '') }}:
177-
${{ if and(ne(variables['System.TeamProject'], 'public'), notin(variables['Build.Reason'], 'PullRequest'), eq(parameters.runAsPublic, 'false'), or(startsWith(variables['Build.SourceBranch'], 'refs/heads/release/'), startsWith(variables['Build.SourceBranch'], 'refs/heads/dotnet/'), startsWith(variables['Build.SourceBranch'], 'refs/heads/microsoft/'), eq(variables['Build.SourceBranch'], 'refs/heads/main'))) }}:
178-
disableComponentGovernance: false
179-
${{ else }}:
180-
disableComponentGovernance: true
181-
${{ else }}:
182-
disableComponentGovernance: ${{ parameters.disableComponentGovernance }}
183-
componentGovernanceIgnoreDirectories: ${{ parameters.componentGovernanceIgnoreDirectories }}
172+
- ${{ each step in parameters.componentGovernanceSteps }}:
173+
- ${{ step }}
184174

185175
- ${{ if eq(parameters.enableMicrobuild, 'true') }}:
186176
- ${{ if and(eq(parameters.runAsPublic, 'false'), ne(variables['System.TeamProject'], 'public'), notin(variables['Build.Reason'], 'PullRequest')) }}:
@@ -190,14 +180,6 @@ jobs:
190180
continueOnError: ${{ parameters.continueOnError }}
191181
env:
192182
TeamName: $(_TeamName)
193-
- ${{ if and(eq(parameters.runAsPublic, 'false'), ne(variables['System.TeamProject'], 'public'), notin(variables['Build.Reason'], 'PullRequest'), eq(parameters.enableSbom, 'true')) }}:
194-
- template: /eng/common/core-templates/steps/generate-sbom.yml
195-
parameters:
196-
is1ESPipeline: ${{ parameters.is1ESPipeline }}
197-
PackageVersion: ${{ parameters.packageVersion}}
198-
BuildDropPath: ${{ parameters.buildDropPath }}
199-
IgnoreDirectories: ${{ parameters.componentGovernanceIgnoreDirectories }}
200-
publishArtifacts: false
201183

202184
# Publish test results
203185
- ${{ if or(and(eq(parameters.enablePublishTestResults, 'true'), eq(parameters.testResultsFormat, '')), eq(parameters.testResultsFormat, 'xunit')) }}:

eng/common/core-templates/steps/component-governance.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -13,4 +13,4 @@ steps:
1313
continueOnError: true
1414
displayName: ${{ parameters.displayName }}
1515
inputs:
16-
ignoreDirectories: ${{ parameters.componentGovernanceIgnoreDirectories }}
16+
ignoreDirectories: ${{ parameters.componentGovernanceIgnoreDirectories }}

eng/common/templates/job/job.yml

Lines changed: 26 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1,5 +1,11 @@
11
parameters:
22
enablePublishBuildArtifacts: false
3+
disableComponentGovernance: ''
4+
componentGovernanceIgnoreDirectories: ''
5+
# Sbom related params
6+
enableSbom: true
7+
PackageVersion: 9.0.0
8+
BuildDropPath: '$(Build.SourcesDirectory)/artifacts'
39

410
jobs:
511
- template: /eng/common/core-templates/job/job.yml
@@ -13,6 +19,26 @@ jobs:
1319
steps:
1420
- ${{ each step in parameters.steps }}:
1521
- ${{ step }}
22+
23+
componentGovernanceSteps:
24+
- template: /eng/common/templates/steps/component-governance.yml
25+
parameters:
26+
${{ if eq(parameters.disableComponentGovernance, '') }}:
27+
${{ if and(ne(variables['System.TeamProject'], 'public'), notin(variables['Build.Reason'], 'PullRequest'), eq(parameters.runAsPublic, 'false'), or(startsWith(variables['Build.SourceBranch'], 'refs/heads/release/'), startsWith(variables['Build.SourceBranch'], 'refs/heads/dotnet/'), startsWith(variables['Build.SourceBranch'], 'refs/heads/microsoft/'), eq(variables['Build.SourceBranch'], 'refs/heads/main'))) }}:
28+
disableComponentGovernance: false
29+
${{ else }}:
30+
disableComponentGovernance: true
31+
${{ else }}:
32+
disableComponentGovernance: ${{ parameters.disableComponentGovernance }}
33+
componentGovernanceIgnoreDirectories: ${{ parameters.componentGovernanceIgnoreDirectories }}
34+
35+
- ${{ if and(eq(parameters.runAsPublic, 'false'), ne(variables['System.TeamProject'], 'public'), notin(variables['Build.Reason'], 'PullRequest'), eq(parameters.enableSbom, 'true')) }}:
36+
- template: /eng/common/templates/steps/generate-sbom.yml
37+
parameters:
38+
PackageVersion: ${{ parameters.packageVersion }}
39+
BuildDropPath: ${{ parameters.buildDropPath }}
40+
publishArtifacts: false
41+
1642

1743
artifactPublishSteps:
1844
- ${{ if ne(parameters.artifacts.publish, '') }}:

0 commit comments

Comments
 (0)