diff --git a/.config/tsaoptions.json b/.config/tsaoptions.json
new file mode 100644
index 0000000000000000000000000000000000000000..d940cdd8a5a903854051bfb2875267d65091c66a
--- /dev/null
+++ b/.config/tsaoptions.json
@@ -0,0 +1,10 @@
+{
+ "instanceUrl": "https://devdiv.visualstudio.com/",
+ "template": "TFSDEVDIV",
+ "projectName": "DEVDIV",
+ "areaPath": "DevDiv\\NET Libraries",
+ "iterationPath": "DevDiv",
+ "notificationAliases": [ "runtimerepo-infra@microsoft.com" ],
+ "repositoryName": "Runtime",
+ "codebaseName": "Runtime"
+}
\ No newline at end of file
diff --git a/eng/common/templates/job/job.yml b/eng/common/templates/job/job.yml
index 9f55d3f466600b5341c47af8d95951d487dd86c1..21b5acea8315a0cabe26a04a9322471052478382 100644
--- a/eng/common/templates/job/job.yml
+++ b/eng/common/templates/job/job.yml
@@ -227,4 +227,3 @@ jobs:
 PackageVersion: ${{ parameters.packageVersion}}
 BuildDropPath: ${{ parameters.buildDropPath }}
 IgnoreDirectories: ${{ parameters.componentGovernanceIgnoreDirectories }}
-
diff --git a/eng/pipelines/common/global-build-job.yml b/eng/pipelines/common/global-build-job.yml
index a431f78563fdabc530bf36ab96ccf69142fce038..82e413d936e92a1fa15b7dd4e87e2ddafaff2667 100644
--- a/eng/pipelines/common/global-build-job.yml
+++ b/eng/pipelines/common/global-build-job.yml
@@ -32,6 +32,7 @@ parameters:
 enableRichCodeNavigation: false
 richCodeNavigationLanguage: 'csharp'
 richCodeNavigationEnvironment: 'production'
+ isManualCodeQLBuild: false
 jobs:
 - template: /eng/common/templates/job/job.yml
@@ -162,13 +163,23 @@ jobs: inputs: filePath: $(Build.SourcesDirectory)/eng/pipelines/mono/update-machine-certs.ps1 + # Build - ${{ if eq(parameters.isSourceBuild, false) }}: + - ${{ if eq(parameters.isManualCodeQLBuild, true) }}: + - task: CodeQL3000Init@0 + displayName: Initialize CodeQL (manually-injected) + - script: $(_sclEnableCommand) $(Build.SourcesDirectory)$(dir)build$(scriptExt) -ci -arch ${{ parameters.archType }} $(_osParameter) ${{ parameters.buildArgs }} $(_officialBuildParameter) $(_crossBuildPropertyArg) $(_cxx11Parameter) $(_richCodeNavigationParam) $(_buildDarwinFrameworksParameter) $(_overrideTestScriptWindowsCmdParameter) displayName: Build product ${{ if eq(parameters.useContinueOnErrorDuringBuild, true) }}: continueOnError: ${{ parameters.shouldContinueOnError }} + - ${{ if eq(parameters.isManualCodeQLBuild, true) }}: + - task: CodeQL3000Finalize@0 + displayName: Finalize CodeQL (manually-injected) + #endif isSourceBuild + - ${{ if in(parameters.osGroup, 'OSX', 'iOS', 'tvOS', 'Android') }}: - script: | du -sh $(Build.SourcesDirectory)/*
diff --git a/eng/pipelines/common/internal-variables.yml b/eng/pipelines/common/internal-variables.yml
new file mode 100644
index 0000000000000000000000000000000000000000..d5113691e9e2aaf6907f3b2eab61d3dc0c26c011
--- /dev/null
+++ b/eng/pipelines/common/internal-variables.yml
@@ -0,0 +1,8 @@
+parameters:
+ teamName: ''
+
+variables:
+ - name: TeamName
+ value: ${{ parameters.teamName }}
+ - name: PostBuildSign
+ value: true
diff --git a/eng/pipelines/runtime-codeql.yml b/eng/pipelines/runtime-codeql.yml
new file mode 100644
index 0000000000000000000000000000000000000000..d39d542d658cc854d6f1c9ace1bb0a64f27cf74c
--- /dev/null
+++ b/eng/pipelines/runtime-codeql.yml
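Review bot: In the second hunk of global-build-job.yml, only the `Build product` script sits between `CodeQL3000Init@0` and `CodeQL3000Finalize@0`, and nothing in the file explains why the tasks are injected by hand or that this bracket matters. Assuming these tasks observe compiler invocations between Init and Finalize (worth confirming against the task documentation), any step that compiles code outside that window would be absent from the scan, so a later reorder could silently shrink coverage. I would add a comment above the first conditional such as `# CodeQL only observes build commands run between Init and Finalize; keep every compiling step inside this bracket.` and give the new `isManualCodeQLBuild` parameter in the first hunk a one-line comment as well. The enclosing steps list starts and ends outside the hunk.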
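Review bot: `teamName` defaults to `''` in the new internal-variables.yml, so a pipeline that includes the template without passing the parameter gets an empty `TeamName` and no error at template expansion. The runtime-official.yml hunk removes a TODO that described these as signing/validation variables, so a silently empty value looks worth preventing: declaring the parameter in typed form without a default, `- name: teamName` followed by `type: string`, makes it required. The removed TODO and its issue link could move into this file so the context is not lost, and `value: true` would be clearer as `'true'` since pipeline variables are strings.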
@@ -0,0 +1,65 @@
+trigger:
+ none
+
+schedules:
+ - cron: 0 12 * * 1
+ displayName: Weekly Monday CodeQL/Semmle run
+ branches:
+ include:
+ - main
+ always: true
+
+variables:
+ - template: /eng/pipelines/common/variables.yml
+ - name: Codeql.Enabled
+ value: True
+ - name: Codeql.Cadence
+ value: 0
+ - name: Codeql.TSAEnabled
+ value: True
+ - name: Codeql.BuildIdentifier
+ value: $(System.JobDisplayName)
+ - name: Codeql.Language
+ value: cpp,csharp,java,python
+
+extends:
+ template: /eng/pipelines/common/templates/pipeline-with-resources.yml
+ parameters:
+ stages:
+ - stage: Build
+ jobs:
+
+ #
+ # Build CoreCLR runtime packs
+ #
+ - template: /eng/pipelines/common/platform-matrix.yml
+ parameters:
+ jobTemplate: /eng/pipelines/common/global-build-job.yml
+ buildConfig: release
+ platforms:
+ - Linux_x64
+ - windows_x64
+ jobParameters:
+ buildArgs: -s clr+libs+host+packs -c $(_BuildConfig)
+ nameSuffix: AllSubsets_CoreCLR
+ isOfficialBuild: ${{ variables.isOfficialBuild }}
+ timeoutInMinutes: 360
+ isManualCodeQLBuild: true
+
+ #
+ # Build Mono runtime packs
+ #
+ - template: /eng/pipelines/common/platform-matrix.yml
+ parameters:
+ jobTemplate: /eng/pipelines/common/global-build-job.yml
+ buildConfig: release
+ runtimeFlavor: mono
+ platforms:
+ - Linux_x64
+ - windows_x64
+ jobParameters:
+ buildArgs: -s mono+libs+host+packs+mono.mscordbi -c $(_BuildConfig)
+ nameSuffix: AllSubsets_Mono
+ isOfficialBuild: ${{ variables.isOfficialBuild }}
+ timeoutInMinutes: 360
+ isManualCodeQLBuild: true
diff --git a/eng/pipelines/runtime-official.yml b/eng/pipelines/runtime-official.yml
index 6618d01f9f1476afd48c96066df80c13fe2514b9..c736da33bc1644030423e850326fd2023727bc7f 100644
--- a/eng/pipelines/runtime-official.yml
+++ b/eng/pipelines/runtime-official.yml
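Review bot: The new runtime-codeql.yml sets `trigger: none` but has no `pr:` section, whereas runtime-official.yml declares `pr: none` (visible in the header of its hunk). Depending on how the pipeline is registered, Azure Pipelines may enable pull-request validation by default when `pr` is absent, which would run these 360-minute builds with `Codeql.TSAEnabled` set against unreviewed PR content; adding `pr: none` next to `trigger` makes the weekly schedule the only entry point. Separately, `Codeql.Cadence` with `value: 0` deserves a comment stating what the zero means, the `True` values are better written as quoted strings, and the cron expression is safer quoted as `cron: '0 12 * * 1'`.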
@@ -24,11 +24,9 @@ pr: none
 variables:
 - template: /eng/pipelines/common/variables.yml
-# TODO: (Consolidation) Switch away from old signing/validation variables from former Core-Setup. https://github.com/dotnet/runtime/issues/1027
-- name: TeamName
- value: dotnet-core-acquisition
-- name: PostBuildSign
- value: true
+- template: /eng/pipelines/common/internal-variables.yml
+ parameters:
+ teamName: dotnet-core-acquisition
 extends:
 template: /eng/pipelines/common/templates/pipeline-with-resources.yml