From b89e2f79d0a61e8aaa2020b36345e74931fef9da Mon Sep 17 00:00:00 2001
From: Daniel Jurek
Date: Fri, 2 Jun 2023 16:07:22 -0700
Subject: [PATCH] Fix SBOM behavior on forks (#4686)
* Use a YAML template for inserting sbom steps
* Review feedback: naming
* Tab
* Ensure SBOM path exists
---
 .../templates/jobs/archetype-sdk-client.yml | 12 +----------
 eng/pipelines/templates/jobs/ci.tests.yml | 14 +++----------
 .../steps/generate-and-publish-sbom.yml | 20 +++++++++++++++++++
 3 files changed, 24 insertions(+), 22 deletions(-)
 create mode 100644 eng/pipelines/templates/steps/generate-and-publish-sbom.yml
diff --git a/eng/pipelines/templates/jobs/archetype-sdk-client.yml b/eng/pipelines/templates/jobs/archetype-sdk-client.yml
index bb425eae8..b4b9fcfe2 100644
--- a/eng/pipelines/templates/jobs/archetype-sdk-client.yml
+++ b/eng/pipelines/templates/jobs/archetype-sdk-client.yml
@@ -309,14 +309,4 @@ jobs:
 - template: /eng/common/pipelines/templates/steps/eng-common-workflow-enforcer.yml
- - ${{if eq(variables['System.TeamProject'], 'internal') }}:
- - task: AzureArtifacts.manifest-generator-task.manifest-generator-task.ManifestGeneratorTask@0
- displayName: 'Generate BOM'
- condition: succeededOrFailed()
- inputs:
- BuildDropPath: $(Build.SourcesDirectory)/build
-
- - template: /eng/common/pipelines/templates/steps/publish-artifact.yml
- parameters:
- ArtifactPath: '$(Build.SourcesDirectory)/build/_manifest'
- ArtifactName: 'release_artifact_manifest'
+ - template: /eng/pipelines/templates/steps/generate-and-publish-sbom.yml
diff --git a/eng/pipelines/templates/jobs/ci.tests.yml b/eng/pipelines/templates/jobs/ci.tests.yml
index 8425985e6..2a7522914 100644
--- a/eng/pipelines/templates/jobs/ci.tests.yml
+++ b/eng/pipelines/templates/jobs/ci.tests.yml
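Review bot: In archetype-sdk-client.yml the new template call passes no parameters, so the SBOM is generated over the template default `$(Build.ArtifactStagingDirectory)/sbom` instead of `$(Build.SourcesDirectory)/build`, and that default is a directory the template itself creates just before the task runs. If the manifest is meant to describe the files under `build`, as the removed lines suggest, the call should keep that path by adding `parameters:` with `BuildDropPath: $(Build.SourcesDirectory)/build`. The ci.tests.yml hunk has the same shift, from `$(Build.ArtifactStagingDirectory)` to its `sbom` subdirectory. Whether anything populates `sbom` before the task runs is not visible in this patch, so it is worth confirming that the published manifest still lists the shipped files.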
@@ -329,14 +329,6 @@ jobs:
 displayName: Set bom file artifact name
 condition: succeededOrFailed()
- - ${{if eq(variables['System.TeamProject'], 'internal') }}:
- - task: AzureArtifacts.manifest-generator-task.manifest-generator-task.ManifestGeneratorTask@0
- displayName: 'Generate BOM'
- condition: succeededOrFailed()
- inputs:
- BuildDropPath: $(Build.ArtifactStagingDirectory)
-
- - template: /eng/common/pipelines/templates/steps/publish-artifact.yml
- parameters:
- ArtifactPath: '$(Build.ArtifactStagingDirectory)/_manifest'
- ArtifactName: 'bom_manifest_$(BomArtifactName)'
+ - template: /eng/pipelines/templates/steps/generate-and-publish-sbom.yml
+ parameters:
+ BomArtifactName: $(BomArtifactName)
diff --git a/eng/pipelines/templates/steps/generate-and-publish-sbom.yml b/eng/pipelines/templates/steps/generate-and-publish-sbom.yml
new file mode 100644
index 000000000..e1b7f4609
--- /dev/null
+++ b/eng/pipelines/templates/steps/generate-and-publish-sbom.yml
@@ -0,0 +1,20 @@
+parameters:
+ BuildDropPath: $(Build.ArtifactStagingDirectory)/sbom
+ BomArtifactName: release_artifact_manifest
+
+steps:
+ - ${{if and(eq(variables['System.TeamProject'], 'internal'), ne(variables['Build.Reason'], 'PullRequest')) }}:
+
+ - pwsh: New-Item -ItemType Directory -Path '${{ parameters.BuildDropPath }}' -Force
+ displayName: Ensure SBOM build drop path exists
+
+ - task: AzureArtifacts.manifest-generator-task.manifest-generator-task.ManifestGeneratorTask@0
+ displayName: 'Generate BOM'
+ condition: succeededOrFailed()
+ inputs:
+ BuildDropPath: ${{ parameters.BuildDropPath }}
+
+ - template: /eng/common/pipelines/templates/steps/publish-artifact.yml
+ parameters:
+ ArtifactPath: ${{ parameters.BuildDropPath }}/_manifest
+ ArtifactName: ${{ parameters.BomArtifactName }}
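Review bot: The published artifact name in ci.tests.yml changes from `bom_manifest_$(BomArtifactName)` to the bare `$(BomArtifactName)`, because the call passes `BomArtifactName: $(BomArtifactName)` without the prefix. Anything that downloads or audits the SBOM artifact by its old name would stop finding it, and the bare name could collide with another artifact named from the same variable. If the rename is not intended, pass `BomArtifactName: 'bom_manifest_$(BomArtifactName)'`. The step that sets the variable starts above this hunk.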
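Review bot: The `pwsh` step that creates the drop directory in generate-and-publish-sbom.yml has no `condition`, while the `Generate BOM` task after it runs under `succeededOrFailed()`. After an earlier failed step the directory creation is skipped, yet the task still runs against a path that may not exist. Adding `condition: succeededOrFailed()` to the `pwsh` step keeps the two aligned. The same step splices `${{ parameters.BuildDropPath }}` into the script text inside single quotes, so a caller-supplied value containing a quote would alter the command. Passing the value through the step's `env:` mapping and reading it as `$env:SBOM_DROP_PATH` (a constructed name) keeps it as data.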