new build scripts for release pipeline (#1442)

JamesWTruher · web-flow · commit 7bb24d244d44 · 2020-04-29T09:55:52.000-07:00
* change build location when in VSTS

* copy newtonsoft assembly from proper location

* Add support for verbose output during build

* update verbose behavior

incorporate catalog building into module

* better code to handle verbose

* file for signing analyzer files

* tweaks to catalog creation

* Add suppression of UseCompatibleCommands rule for function that builds file catalog

* Improve message when there are failures in use compatible commands

* change logic for whether catalog can be created based on whether new-filecatalog exists rather than IsWindows variable which doesn't exist on PS5

* Add catalog signing configuration

* fix typo in catalog name

* use 400 for signing

* Address PR feedback

Remove comment code
change logic to use existing environment variable when building in VSTS
Remove extraneous suppression of New-FileCatalog

* add the suppression back to the function which creates the filecatalog

* Create suppression file for CredScan so it does not get triggered.
diff --git a/Tests/Rules/UseCompatibleCommands.Tests.ps1 b/Tests/Rules/UseCompatibleCommands.Tests.ps1
@@ -400,7 +400,7 @@ Describe 'UseCompatibleCommands' {
             }
 
             $diagnostics = Invoke-ScriptAnalyzer -Path "$PSScriptRoot/../../" -IncludeRule $script:RuleName -Settings $settings
-            $diagnostics.Count | Should -Be 0 -Because ($diagnostics.RuleName -join ', ')
+            $diagnostics.Count | Should -Be 0 -Because ($diagnostics.Message -join ', ')
         }
     }
 
diff --git a/build.ps1 b/build.ps1
@@ -34,13 +34,24 @@ param(
     [switch] $InProcess,
 
     [Parameter(ParameterSetName='Bootstrap')]
-    [switch] $Bootstrap
+    [switch] $Bootstrap,
+
+    [Parameter(ParameterSetName='BuildAll')]
+    [switch] $Catalog
+
 )
 
+BEGIN {
+    $verboseWanted = $false
+    if ( $PSBoundParameters['Verbose'] ) {
+        $verboseWanted = $PSBoundParameters['Verbose'].ToBool()
+    }
+}
+
 END {
-    Import-Module -Force (Join-Path $PSScriptRoot build.psm1)
+    Import-Module -Force (Join-Path $PSScriptRoot build.psm1) -verbose:$false
     if ( $Clean -or $Clobber ) {
-        Remove-Build
+        Remove-Build -verbose:$false
         if ( $PSCmdlet.ParameterSetName -eq "Clean" ) {
             return
         }
@@ -49,10 +60,19 @@ END {
     $setName = $PSCmdlet.ParameterSetName
     switch ( $setName ) {
         "BuildAll" {
-            Start-ScriptAnalyzerBuild -All -Configuration $Configuration
+            $buildArgs = @{
+                All = $true
+                Configuration = $Configuration
+                Verbose = $verboseWanted
+                Catalog = $false
+            }
+            if ( $Catalog ) {
+                $buildArgs['Catalog'] = $true
+            }
+            Start-ScriptAnalyzerBuild @buildArgs
         }
         "BuildDocumentation" {
-            Start-ScriptAnalyzerBuild -Documentation
+            Start-ScriptAnalyzerBuild -Documentation -Verbose:$Verbose
         }
         "BuildOne" {
             $buildArgs = @{
diff --git a/build.psm1 b/build.psm1
@@ -114,7 +114,7 @@ function Start-DocumentationBuild
     {
         throw "Cannot find markdown documentation folder."
     }
-    Import-Module platyPS
+    Import-Module platyPS -Verbose:$false
     if ( -not (Test-Path $outputDocsPath)) {
         $null = New-Item -Type Directory -Path $outputDocsPath -Force
     }
@@ -150,7 +150,9 @@ function Start-ScriptAnalyzerBuild
         [ValidateSet("Debug", "Release")]
         [string]$Configuration = "Debug",
 
-        [switch]$Documentation
+        [switch]$Documentation,
+
+        [switch]$Catalog
         )
 
     BEGIN {
@@ -163,27 +165,36 @@ function Start-ScriptAnalyzerBuild
             $foundVersion = Get-InstalledCLIVersion
             Write-Warning "No suitable dotnet CLI found, requires version '$requiredVersion' found only '$foundVersion'"
         }
+        $verboseWanted = $false
+        if ( $PSBoundParameters['Verbose'] ) {
+            $verboseWanted = $PSBoundParameters['Verbose'].ToBool()
+        }
     }
     END {
 
         # Build docs either when -Documentation switch is being specified or the first time in a clean repo
         $documentationFileExists = Test-Path (Join-Path $PSScriptRoot 'out\PSScriptAnalyzer\en-us\Microsoft.Windows.PowerShell.ScriptAnalyzer.dll-Help.xml')
         if ( $Documentation -or -not $documentationFileExists )
         {
-            Start-DocumentationBuild
+            Write-Verbose -Verbose:$verboseWanted -Message "Start-DocumentationBuild"
+            Start-DocumentationBuild -Verbose:$verboseWanted
         }
 
         if ( $All )
         {
             # Build all the versions of the analyzer
             foreach($psVersion in 3..7) {
-                Start-ScriptAnalyzerBuild -Configuration $Configuration -PSVersion $psVersion
+                Start-ScriptAnalyzerBuild -Configuration $Configuration -PSVersion $psVersion -Verbose:$verboseWanted
+            }
+            if ( $Catalog ) {
+                New-Catalog -Location $script:destinationDir
             }
             return
         }
 
         if (-not $profilesCopied)
         {
+            Write-Verbose -Verbose:$verboseWanted -Message "Copy-CompatibilityProfiles"
             Copy-CompatibilityProfiles
             # Set the variable in the caller's scope, so this will only happen once
             Set-Variable -Name profilesCopied -Value $true -Scope 1
@@ -253,12 +264,24 @@ function Start-ScriptAnalyzerBuild
         # The Rules project has a dependency on the Engine therefore just building the Rules project is enough
         try {
             Push-Location $projectRoot/Rules
-            Write-Progress "Building ScriptAnalyzer for PSVersion '$PSVersion' using framework '$framework' and configuration '$Configuration'"
+            $message = "Building ScriptAnalyzer for PSVersion '$PSVersion' using framework '$framework' and configuration '$Configuration'"
+            Write-Verbose -Verbose:$verboseWanted -Message "$message"
+            Write-Progress "$message"
             if ( -not $script:DotnetExe ) {
                 $script:DotnetExe = Get-DotnetExe
             }
-            $buildOutput = & $script:DotnetExe build --framework $framework --configuration "$buildConfiguration" 2>&1
+            $dotnetArgs = "build",
+                "--framework",
+                $framework,
+                "--configuration",
+                "$buildConfiguration"
+            if ( $env:TF_BUILD ) {
+                $dotnetArgs += "--output"
+                $dotnetArgs += "${PSScriptRoot}\bin\${buildConfiguration}\${framework}"
+            }
+            $buildOutput = & $script:DotnetExe $dotnetArgs 2>&1
             if ( $LASTEXITCODE -ne 0 ) { throw "$buildOutput" }
+            Write-Verbose -Verbose:$verboseWanted -message "$buildOutput"
         }
         catch {
             Write-Warning $_
@@ -271,24 +294,57 @@ function Start-ScriptAnalyzerBuild
 
         Publish-File $itemsToCopyCommon $script:destinationDir
 
-        $itemsToCopyBinaries = @(
-            "$projectRoot\Engine\bin\${buildConfiguration}\${Framework}\Microsoft.Windows.PowerShell.ScriptAnalyzer.dll",
-            "$projectRoot\Rules\bin\${buildConfiguration}\${Framework}\Microsoft.Windows.PowerShell.ScriptAnalyzer.BuiltinRules.dll"
-            "$projectRoot\Rules\bin\${buildConfiguration}\${framework}\Microsoft.PowerShell.CrossCompatibility.dll"
-            )
+        if ( $env:TF_BUILD ) {
+            $itemsToCopyBinaries = @(
+                "$projectRoot\bin\${buildConfiguration}\${Framework}\Microsoft.Windows.PowerShell.ScriptAnalyzer.dll",
+                "$projectRoot\bin\${buildConfiguration}\${Framework}\Microsoft.Windows.PowerShell.ScriptAnalyzer.BuiltinRules.dll"
+                "$projectRoot\bin\${buildConfiguration}\${framework}\Microsoft.PowerShell.CrossCompatibility.dll"
+                )
+        }
+        else {
+            $itemsToCopyBinaries = @(
+                "$projectRoot\Engine\bin\${buildConfiguration}\${Framework}\Microsoft.Windows.PowerShell.ScriptAnalyzer.dll",
+                "$projectRoot\Rules\bin\${buildConfiguration}\${Framework}\Microsoft.Windows.PowerShell.ScriptAnalyzer.BuiltinRules.dll"
+                "$projectRoot\Rules\bin\${buildConfiguration}\${framework}\Microsoft.PowerShell.CrossCompatibility.dll"
+                )
+        }
         Publish-File $itemsToCopyBinaries $destinationDirBinaries
 
         $settingsFiles = Get-Childitem "$projectRoot\Engine\Settings" | ForEach-Object -MemberName FullName
         Publish-File $settingsFiles (Join-Path -Path $script:destinationDir -ChildPath Settings)
 
         if ($framework -eq 'net452') {
-            Copy-Item -path "$projectRoot\Rules\bin\${buildConfiguration}\${framework}\Newtonsoft.Json.dll" -Destination $destinationDirBinaries
+            if ( $env:TF_BUILD ) {
+                $nsoft =  "$projectRoot\bin\${buildConfiguration}\${framework}\Newtonsoft.Json.dll"
+            }
+            else {
+                $nsoft =  "$projectRoot\Rules\bin\${buildConfiguration}\${framework}\Newtonsoft.Json.dll"
+            }
+            Copy-Item -path $nsoft -Destination $destinationDirBinaries
         }
 
         Pop-Location
     }
 }
 
+function New-Catalog
+{
+    [System.Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSUseCompatibleCommands', '')]
+    param ( [Parameter()]$Location )
+    $newFileCatalog = Get-Command -ErrorAction SilentlyContinue New-FileCatalog
+    if ($null -eq $newFileCatalog) {
+        Write-Warning "New-FileCatalog not found, not creating catalog"
+        return
+    }
+    try {
+        Push-Location $Location
+        New-FileCatalog -CatalogFilePath PSScriptAnalyzer.cat -Path .
+    }
+    finally {
+        Pop-Location
+    }
+}
+
 # TEST HELPERS
 # Run our tests
 function Test-ScriptAnalyzer
diff --git a/tools/releaseBuild/AssemblySignConfig.xml b/tools/releaseBuild/AssemblySignConfig.xml
@@ -0,0 +1,43 @@
+<?xml version="1.0" encoding="utf-8" ?>
+<SignConfigXML>
+  <!-- ****Begin**** BothDual - Dual (Sha256 and Sha1) AuthicodeDual) and should be StrongName, but we will add this in 6.1.0 ******** -->
+ <job platform="" configuration="" dest="__OUTPATHROOT__\signed" jobname="PowerShell Script Analyzer" approvers="vigarg;gstolt">
+    <file src="__INPATHROOT__\out\PSScriptAnalyzer\1.19.0\Microsoft.Windows.PowerShell.ScriptAnalyzer.BuiltinRules.dll" signType="400" dest="__OUTPATHROOT__\PSScriptAnalyzer\1.19.0\Microsoft.Windows.PowerShell.ScriptAnalyzer.BuiltinRules.dll" />
+    <file src="__INPATHROOT__\out\PSScriptAnalyzer\1.19.0\Microsoft.Windows.PowerShell.ScriptAnalyzer.dll" signType="400" dest="__OUTPATHROOT__\PSScriptAnalyzer\1.19.0\Microsoft.Windows.PowerShell.ScriptAnalyzer.dll" />
+    <file src="__INPATHROOT__\out\PSScriptAnalyzer\1.19.0\Microsoft.PowerShell.CrossCompatibility.dll" signType="400" dest="__OUTPATHROOT__\PSScriptAnalyzer\1.19.0\Microsoft.PowerShell.CrossCompatibility.dll" />
+    <file src="__INPATHROOT__\out\PSScriptAnalyzer\1.19.0\PSScriptAnalyzer.psd1" signType="400" dest="__OUTPATHROOT__\PSScriptAnalyzer\1.19.0\PSScriptAnalyzer.psd1" />
+    <file src="__INPATHROOT__\out\PSScriptAnalyzer\1.19.0\PSScriptAnalyzer.psm1" signType="400" dest="__OUTPATHROOT__\PSScriptAnalyzer\1.19.0\PSScriptAnalyzer.psm1" />
+    <file src="__INPATHROOT__\out\PSScriptAnalyzer\1.19.0\ScriptAnalyzer.format.ps1xml" signType="400" dest="__OUTPATHROOT__\PSScriptAnalyzer\1.19.0\ScriptAnalyzer.format.ps1xml" />
+    <file src="__INPATHROOT__\out\PSScriptAnalyzer\1.19.0\ScriptAnalyzer.types.ps1xml" signType="400" dest="__OUTPATHROOT__\PSScriptAnalyzer\1.19.0\ScriptAnalyzer.types.ps1xml" />
+    <file src="__INPATHROOT__\out\PSScriptAnalyzer\1.19.0\Settings\CmdletDesign.psd1" signType="400" dest="__OUTPATHROOT__\PSScriptAnalyzer\1.19.0\Settings\CmdletDesign.psd1" />
+    <file src="__INPATHROOT__\out\PSScriptAnalyzer\1.19.0\Settings\CodeFormatting.psd1" signType="400" dest="__OUTPATHROOT__\PSScriptAnalyzer\1.19.0\Settings\CodeFormatting.psd1" />
+    <file src="__INPATHROOT__\out\PSScriptAnalyzer\1.19.0\Settings\CodeFormattingAllman.psd1" signType="400" dest="__OUTPATHROOT__\PSScriptAnalyzer\1.19.0\Settings\CodeFormattingAllman.psd1" />
+    <file src="__INPATHROOT__\out\PSScriptAnalyzer\1.19.0\Settings\CodeFormattingOTBS.psd1" signType="400" dest="__OUTPATHROOT__\PSScriptAnalyzer\1.19.0\Settings\CodeFormattingOTBS.psd1" />
+    <file src="__INPATHROOT__\out\PSScriptAnalyzer\1.19.0\Settings\CodeFormattingStroustrup.psd1" signType="400" dest="__OUTPATHROOT__\PSScriptAnalyzer\1.19.0\Settings\CodeFormattingStroustrup.psd1" />
+    <file src="__INPATHROOT__\out\PSScriptAnalyzer\1.19.0\Settings\DSC.psd1" signType="400" dest="__OUTPATHROOT__\PSScriptAnalyzer\1.19.0\Settings\DSC.psd1" />
+    <file src="__INPATHROOT__\out\PSScriptAnalyzer\1.19.0\Settings\PSGallery.psd1" signType="400" dest="__OUTPATHROOT__\PSScriptAnalyzer\1.19.0\Settings\PSGallery.psd1" />
+    <file src="__INPATHROOT__\out\PSScriptAnalyzer\1.19.0\Settings\ScriptFunctions.psd1" signType="400" dest="__OUTPATHROOT__\PSScriptAnalyzer\1.19.0\Settings\ScriptFunctions.psd1" />
+    <file src="__INPATHROOT__\out\PSScriptAnalyzer\1.19.0\Settings\ScriptingStyle.psd1" signType="400" dest="__OUTPATHROOT__\PSScriptAnalyzer\1.19.0\Settings\ScriptingStyle.psd1" />
+    <file src="__INPATHROOT__\out\PSScriptAnalyzer\1.19.0\Settings\ScriptSecurity.psd1" signType="400" dest="__OUTPATHROOT__\PSScriptAnalyzer\1.19.0\Settings\ScriptSecurity.psd1" />
+ </job>
+ <job platform="" configuration="" dest="__OUTPATHROOT__\signed" jobname="PowerShell Script Analyzer PSv6" approvers="vigarg;gstolt">
+    <file src="__INPATHROOT__\out\PSScriptAnalyzer\1.19.0\PSv6\Microsoft.Windows.PowerShell.ScriptAnalyzer.BuiltinRules.dll" signType="400" dest="__OUTPATHROOT__\PSScriptAnalyzer\1.19.0\PSv6\Microsoft.Windows.PowerShell.ScriptAnalyzer.BuiltinRules.dll" />
+    <file src="__INPATHROOT__\out\PSScriptAnalyzer\1.19.0\PSv6\Microsoft.Windows.PowerShell.ScriptAnalyzer.dll" signType="400" dest="__OUTPATHROOT__\PSScriptAnalyzer\1.19.0\PSv6\Microsoft.Windows.PowerShell.ScriptAnalyzer.dll" />
+    <file src="__INPATHROOT__\out\PSScriptAnalyzer\1.19.0\PSv6\Microsoft.PowerShell.CrossCompatibility.dll" signType="400" dest="__OUTPATHROOT__\PSScriptAnalyzer\1.19.0\PSv6\Microsoft.PowerShell.CrossCompatibility.dll" />
+ </job>
+ <job platform="" configuration="" dest="__OUTPATHROOT__\signed" jobname="PowerShell Script Analyzer PSv7" approvers="vigarg;gstolt">
+    <file src="__INPATHROOT__\out\PSScriptAnalyzer\1.19.0\PSv7\Microsoft.Windows.PowerShell.ScriptAnalyzer.BuiltinRules.dll" signType="400" dest="__OUTPATHROOT__\PSScriptAnalyzer\1.19.0\PSv7\Microsoft.Windows.PowerShell.ScriptAnalyzer.BuiltinRules.dll" />
+    <file src="__INPATHROOT__\out\PSScriptAnalyzer\1.19.0\PSv7\Microsoft.Windows.PowerShell.ScriptAnalyzer.dll" signType="400" dest="__OUTPATHROOT__\PSScriptAnalyzer\1.19.0\PSv7\Microsoft.Windows.PowerShell.ScriptAnalyzer.dll" />
+    <file src="__INPATHROOT__\out\PSScriptAnalyzer\1.19.0\PSv7\Microsoft.PowerShell.CrossCompatibility.dll" signType="400" dest="__OUTPATHROOT__\PSScriptAnalyzer\1.19.0\PSv7\Microsoft.PowerShell.CrossCompatibility.dll" />
+ </job>
+ <job platform="" configuration="" dest="__OUTPATHROOT__\signed" jobname="PowerShell Script Analyzer PSv4" approvers="vigarg;gstolt">
+    <file src="__INPATHROOT__\out\PSScriptAnalyzer\1.19.0\PSv4\Microsoft.Windows.PowerShell.ScriptAnalyzer.BuiltinRules.dll" signType="400" dest="__OUTPATHROOT__\PSScriptAnalyzer\1.19.0\PSv4\Microsoft.Windows.PowerShell.ScriptAnalyzer.BuiltinRules.dll" />
+    <file src="__INPATHROOT__\out\PSScriptAnalyzer\1.19.0\PSv4\Microsoft.Windows.PowerShell.ScriptAnalyzer.dll" signType="400" dest="__OUTPATHROOT__\PSScriptAnalyzer\1.19.0\PSv4\Microsoft.Windows.PowerShell.ScriptAnalyzer.dll" />
+    <file src="__INPATHROOT__\out\PSScriptAnalyzer\1.19.0\PSv4\Microsoft.PowerShell.CrossCompatibility.dll" signType="400" dest="__OUTPATHROOT__\PSScriptAnalyzer\1.19.0\PSv4\Microsoft.PowerShell.CrossCompatibility.dll" />
+ </job>
+ <job platform="" configuration="" dest="__OUTPATHROOT__\signed" jobname="PowerShell Script Analyzer PSv3" approvers="vigarg;gstolt">
+    <file src="__INPATHROOT__\out\PSScriptAnalyzer\1.19.0\PSv3\Microsoft.Windows.PowerShell.ScriptAnalyzer.BuiltinRules.dll" signType="400" dest="__OUTPATHROOT__\PSScriptAnalyzer\1.19.0\PSv3\Microsoft.Windows.PowerShell.ScriptAnalyzer.BuiltinRules.dll" />
+    <file src="__INPATHROOT__\out\PSScriptAnalyzer\1.19.0\PSv3\Microsoft.Windows.PowerShell.ScriptAnalyzer.dll" signType="400" dest="__OUTPATHROOT__\PSScriptAnalyzer\1.19.0\PSv3\Microsoft.Windows.PowerShell.ScriptAnalyzer.dll" />
+    <file src="__INPATHROOT__\out\PSScriptAnalyzer\1.19.0\PSv3\Microsoft.PowerShell.CrossCompatibility.dll" signType="400" dest="__OUTPATHROOT__\PSScriptAnalyzer\1.19.0\PSv3\Microsoft.PowerShell.CrossCompatibility.dll" />
+ </job>
+</SignConfigXML>
diff --git a/tools/releaseBuild/CatalogSignConfig.xml b/tools/releaseBuild/CatalogSignConfig.xml
@@ -0,0 +1,6 @@
+<?xml version="1.0" encoding="utf-8" ?>
+<SignConfigXML>
+ <job platform="" configuration="" dest="__OUTPATHROOT__\signed" jobname="PowerShell Script Analyzer File Catalog" approvers="vigarg;gstolt">
+    <file src="__INPATHROOT__\PSScriptAnalyzer\1.19.0\PSScriptAnalyzer.cat" signType="400" dest="__OUTPATHROOT__\PSScriptAnalyzer\1.19.0\PSScriptAnalyzer.cat" />
+ </job>
+</SignConfigXML>
diff --git a/tools/releaseBuild/CredScan.Suppressions.json b/tools/releaseBuild/CredScan.Suppressions.json
@@ -0,0 +1,15 @@
+{
+    "tool": "Credential Scanner",
+    "suppressions": [
+        { "file": "\\Engine\\Settings\\desktop-4.0-windows.json",
+            "_justification": "The file contains the list of all parameters of a cmdlet but no passwords are actually present." },
+        { "file": "\\Engine\\Settings\\desktop-3.0-windows.json",
+            "_justification": "The file contains the list of all parameters of a cmdlet but no passwords are actually present." },
+        { "file": "\\Engine\\Settings\\desktop-5.1.14393.206-windows.json",
+            "_justification": "The file contains the list of all parameters of a cmdlet but no passwords are actually present." },
+        { "file": "\\Tests\\Engine\\RuleSuppression.tests.ps1",
+            "_justification": "The parameter password is used in function declaration for test but is not called and no password is present." }
+     ]
+}
+
+

Original file line number	Diff line number	Diff line change
`@@ -400,7 +400,7 @@ Describe 'UseCompatibleCommands' {`
`400`	`400`	`}`
`401`	`401`
`402`	`402`	`$diagnostics = Invoke-ScriptAnalyzer -Path "$PSScriptRoot/../../" -IncludeRule $script:RuleName -Settings $settings`
`403`		`- $diagnostics.Count \| Should -Be 0 -Because ($diagnostics.RuleName -join ', ')`
	`403`	`+ $diagnostics.Count \| Should -Be 0 -Because ($diagnostics.Message -join ', ')`
`404`	`404`	`}`
`405`	`405`	`}`
`406`	`406`