Update azure-pipeline.yaml for Azure Pipelines (#46)

2025-06-27 04:39:57 +00:00 · 2024-07-03 17:39:06 -04:00 · 2024-07-03 17:39:06 -04:00 · c3f071470f
commit c3f071470f
parent e71e132524
1 changed files with 36 additions and 24 deletions
--- a/.azdo/azure-pipeline.yaml
+++ b/.azdo/azure-pipeline.yaml
@ -1,28 +1,40 @@
 trigger:
 - main

-pool:
-  vmImage: ubuntu-latest
+# the `resources` specify the location and version of the 1ES Pipeline Template (PT).
+resources:
+  repositories:
+  - repository: 1ESPipelineTemplates
+    type: git
+    name: 1ESPipelineTemplates/1ESPipelineTemplates
+    ref: refs/tags/release

-steps:
-  # Component Governance does not support pyproject.toml yet.
-  # For that reason, use toml-to-requirements to export dependencies into a requirements.txt file.
-  - script: |
-      pip install toml-to-requirements
-      toml-to-req --toml-file pyproject.toml --poetry --optional-lists dev,test,backend,frontend
-      # toml-to-req is not perfect. It will leave wildcard characters in the requirements.txt file which we remove
-      sed -i 's/\*//g' requirements.txt
-    displayName: 'Export python dependencies to requirements.txt'
-  - task: ComponentGovernanceComponentDetection@0
-    displayName: 'Component Governance - Component Detection'
-    inputs:
-      scanType: 'Register'
-      verbosity: 'Verbose'
-      alertWarningLevel: 'High'
-  # - task: PoliCheck@2
-  #   displayName: 'Run PoliCheck'
-  #   inputs:
-  #     targetType: 'F'
-  #     targetArgument: '$(Build.SourcesDirectory)'
-  #     result: 'PoliCheck.xml'
-  #     toolVersion: Latest
+extends:
+  # this pipeline extends an existing 1ES PT which injects various SDL and compliance tasks
+  template: v1/1ES.Official.PipelineTemplate.yml@1ESPipelineTemplates
+  parameters:
+    pool:
+      name: OCTO1ES_HostedPool
+      image: SMTOCTO1ESAgentWindowsVM
+      os: windows
+    sdl:
+      skipComponentGovernanceDetection: false
+      policheck:
+        enabled: true
+      sourceAnalysisPool:
+        name: OCTO1ES_HostedPool
+        image: SMTOCTO1ESAgentWindowsVM
+        os: windows
+    stages:
+      - stage: Component_Governance
+        jobs:
+        - job: CG_Prep
+          steps:
+            # Component Governance does not support pyproject.toml yet.
+            # for this reason, use toml-to-requirements to export dependencies into a requirements.txt file.
+            - script: |
+                pip install toml-to-requirements
+                toml-to-req --toml-file pyproject.toml --poetry --optional-lists dev,test,backend,frontend
+                # toml-to-req is not perfect. It will leave wildcard characters in the requirements.txt file which we remove
+                sed -i 's/\*//g' requirements.txt
+              displayName: 'Export python dependencies to requirements.txt for CG'