Add APIScan (#15872)

* Add API Scan * Update xf-release.yml * Add APIScan artifact * Update build-windows.yml * Update xf-release.yml * Revert "Update xf-release.yml" This reverts commit 5de7c80.
xamarin · Mar 6, 2024 · bbcb5db · bbcb5db
1 parent 9e2af8f
commit bbcb5db
Show file tree

Hide file tree

Showing 3 changed files with 52 additions and 2 deletions.
diff --git a/build/automation/tsaoptions-v2.json b/build/automation/tsaoptions-v2.json
@@ -0,0 +1,11 @@
+{
+    "codebaseName": "xamarin.forms_main",
+    "notificationAliases": [
+        "dotnet-maui-eng@microsoft.com"
+    ],
+    "instanceUrl": "https://devdiv.visualstudio.com/",
+    "projectName": "DevDiv",
+    "areaPath": "DevDiv\\VS Client - Runtime SDKs\\Xamarin Forms",
+    "iterationPath": "DevDiv",
+    "allTools": true
+  }
diff --git a/build/steps/build-windows.yml b/build/steps/build-windows.yml
@@ -8,7 +8,7 @@ parameters:
   runTests: 'true'
   artifact: 'nuget'
   artifactBinaries: 'win_build'
-  artifactDocs: 'pack-docs'
+  artifactApiscan: 'apiscan'
   publishArtifacts: true
 
 steps:
@@ -226,6 +226,28 @@ steps:
       CleanTargetFolder: false
       flattenFolders: false
 
+  - task: CopyFiles@2
+    displayName: 'Copy releasable binaries for compliance scanning'
+    condition: eq(variables['BuildConfiguration'], 'Release')
+    inputs:
+      Contents: |
+        **/bin/Release/**/Xamarin.Forms.*.dll
+        **/bin/Release/**/FormsViewGroup.dll
+        !**/bin/Release/**/*.UnitTests.dll
+        !**/bin/Release/**/*.ControlGallery.*.dll
+        !**/bin/Release/**/Xamarin.Forms.Controls.dll
+      TargetFolder: '$(build.artifactstagingdirectory)/${{ parameters.artifactApiscan }}'
+      CleanTargetFolder: true
+      flattenFolders: true
+
+  - ${{ if eq(parameters.publishArtifacts, 'true') }}:
+    - task: PublishBuildArtifacts@1
+      displayName: 'Publish Releasable Binaries for compliance scanning'
+      condition: eq(variables['BuildConfiguration'], 'Release')
+      inputs:
+        PathtoPublish: '$(build.artifactstagingdirectory)/${{ parameters.artifactApiscan }}'
+        ArtifactName: ${{ parameters.artifactApiscan }}
+
   - ${{ if eq(parameters.publishArtifacts, 'true') }}:
     - task: PublishBuildArtifacts@1
       displayName: 'Publish Artifact: ${{ parameters.artifactBinaries }}'

diff --git a/eng/xf-release.yml b/eng/xf-release.yml
@@ -29,7 +29,7 @@ parameters:
       name: Windows
       artifact: nuget
       binariesArtifact: win_build
-      docsArtifact: xml-docs
+      apiscanArtifact: apiscan
 
   - name: Skip1ESComplianceTasks
     default: false
@@ -109,6 +109,10 @@ extends:
                   displayName: 'Publish the ${{ parameters.PackPlatform.binariesArtifact }} artifacts'
                   artifactName: ${{ parameters.PackPlatform.binariesArtifact }}
                   targetPath: '$(Build.ArtifactStagingDirectory)'
+                - output: pipelineArtifact
+                  displayName: 'Publish the ${{ parameters.PackPlatform.apiscanArtifact }} artifacts'
+                  artifactName: ${{ parameters.PackPlatform.apiscanArtifact }}
+                  targetPath: '$(Build.ArtifactStagingDirectory)/${{ parameters.PackPlatform.apiscanArtifact }}'
             variables:
               BuildConfiguration: Release
             steps:
@@ -122,6 +126,7 @@ extends:
                   artifact: ${{ parameters.PackPlatform.artifact }}
                   artifactBinaries: ${{ parameters.PackPlatform.binariesArtifact }}
                   artifactsTargetFolder: '$(Build.ArtifactStagingDirectory)'
+                  artifactApiscan: '${{ parameters.PackPlatform.apiscanArtifact }}'
 
           - job: nuget_pack_hosted
             workspace:
@@ -151,6 +156,18 @@ extends:
                   binariesArtifact: ${{ parameters.PackPlatform.binariesArtifact }}
                   artifactsTargetFolder: '$(build.artifactstagingdirectory)/${{ parameters.PackPlatform.artifact }}'
 
+      - template: security/apiscan/v0.yml@xamarin-templates
+        parameters:
+          windowsPoolName: ${{ parameters.VM_IMAGE_HOST.name }}
+          windowsImageOverride: ${{ parameters.VM_IMAGE_HOST.image }}
+          stageDependsOn: 'windows'
+          timeoutInMinutes: 600
+          scanArtifacts: [ '${{ parameters.PackPlatform.artifact }}', '${{ parameters.PackPlatform.apiscanArtifact }}' ]
+          sourceGdnSuppressionFile: '$(Build.SourcesDirectory)\build\automation\guardian\source.gdnsuppress'
+          tsaConfigFile: '$(Build.SourcesDirectory)\build\automation\tsaoptions-v2.json'
+          apiScanSoftwareName: 'Xamarin.Forms'
+          apiScanSoftwareVersionNum: '5.0.0'
+
       - stage: nuget_signing
         dependsOn: windows
         displayName: Sign Nuget