Commit 9b19277

[ci] Generate and upload a Software Bill of Materials (#6645)
Context: https://eng.ms/docs/initiatives/executive-order/executive-order-requirements/executiveorderoncybersecurity/softwarebillofmaterials
Context: https://eng.ms/docs/cloud-ai-platform/devdiv/one-engineering-system-1es/1es-docs/secure-supply-chain/ado-sbom-generator
Context: https://github.com/xamarin/yaml-templates/blob/4cabafec2cec4fc02b44635b196020cd00a60f03/compliance/sbom/job.v1.yml

A "post-build" stage has been added that will run after all "build" and "prepare release" stages. This stage consists of one job which will generate a Software Bill of Materials using shared yaml templates. Other post processing jobs can be added to this stage in the future if needed.
1 parent 49221c5 commit 9b19277

1 file changed

+15
-0
lines changed

build-tools/automation/azure-pipelines.yaml

Lines changed: 15 additions & 0 deletions
@@ -1537,6 +1537,21 @@ stages:
15371537
authenticationMethod: 'OAuth Token'
15381538
password: $(System.AccessToken) # Equivalent to the 'Allow scripts to access OAuth token option': https://stackoverflow.com/questions/52837980/how-to-allow-scripts-to-access-oauth-token-from-yaml-builds
15391539

1540+
- stage: post_build
1541+
displayName: Post Build
1542+
dependsOn:
1543+
- dotnet_prepare_release
1544+
- finalize_installers
1545+
condition: and(eq(variables['MicroBuildSignType'], 'Real'), eq(dependencies.dotnet_prepare_release.result, 'Succeeded'), eq(dependencies.finalize_installers.result, 'Succeeded'))
1546+
jobs:
1547+
- template: compliance/sbom/job.v1.yml@yaml
1548+
parameters:
1549+
artifactNames: [ nuget-signed, nuget-linux-signed, vs-msi-nugets, vsdrop-signed ]
1550+
statusContexts: [ JENKINS-SIGN ]
1551+
packageName: xamarin-android
1552+
packageFilter: '*.nupkg;*.msi;*.pkg;*.vsix'
1553+
GitHub.Token: $(GitHub.Token)
1554+
15401555
- stage: code_analysis
15411556
dependsOn: []
15421557
displayName: Code Analysis
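
Review bot: The `condition` on the new `post_build` stage compares each dependency result to the literal 'Succeeded', so a signed build whose `dotnet_prepare_release` or `finalize_installers` stage finishes as 'SucceededWithIssues' would skip SBOM generation without failing the pipeline. If such builds can still be released, consider `in(dependencies.dotnet_prepare_release.result, 'Succeeded', 'SucceededWithIssues')` and the same for `finalize_installers`; otherwise add a comment saying the exclusion is intended. A short comment on why the stage is gated on `MicroBuildSignType` being 'Real' would also help the next reader. Separately, the job passes `$(GitHub.Token)` into a template resolved from the `yaml` repository resource, and this hunk does not show which ref that resource tracks, so it is worth confirming it is pinned to a commit or tag, as the job.v1.yml link in the commit message is.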
