Enable SBOM creation for script analyzer (#1762)

JamesWTruher · web-flow · commit 416a4b1a037f · 2022-01-19T23:21:46.000-08:00
* Add SBOM creation to PSSA build.

* remove extraneous displayname

* change logic for copying manifest.

fix build repository URL.

* improve debugging output

* move to buildRoot before looking for _manifest

* copy manifest recursively.

* remove MacOS Mojave from test matrix.

image removed from Azure devops in December 2021
diff --git a/.azure-pipelines-ci/ci.yaml b/.azure-pipelines-ci/ci.yaml
@@ -26,8 +26,6 @@ stages:
               vmImage: ubuntu-18.04
             Ubuntu_20_04:
               vmImage: ubuntu-20.04
-            macOS_10_14_Mojave:
-              vmImage: macOS-10.14
             macOS_10_15_Catalina:
               vmImage: macOS-10.15
             Windows_Server2016_PowerShell_Core:
diff --git a/.ci/releaseBuild.yml b/.ci/releaseBuild.yml
@@ -136,11 +136,17 @@ stages:
             **/Pluralize*.dll
             **/Newtonsoft*.dll
 
+    # Create the manifest for the module
+    - template: Sbom.yml@ComplianceRepo
+      parameters:
+        BuildDropPath: $(signOutPath)
+        Build_Repository_Uri: 'https://github.com/powershell/PSScriptAnalyzer'
+
     # now create the nupkg which we will use to publish the module
     # to the powershell gallery (not part of this yaml)
     - pwsh: |
         Set-Location "$(Build.SourcesDirectory)/OSS_Microsoft_PSSA"
-        ./build -BuildNupkg -signed
+        ./build -BuildNupkg -CopyManifest -signed
       displayName: Create nupkg for publishing
 
     # finally publish the parts of the build which will be used in the next stages
diff --git a/build.ps1 b/build.ps1
@@ -42,6 +42,9 @@ param(
     [Parameter(ParameterSetName='Package')]
     [switch] $BuildNupkg,
 
+    [Parameter(ParameterSetName='Package')]
+    [switch] $CopyManifest,
+
     [Parameter(ParameterSetName='Package')]
     [switch] $Signed
 
@@ -92,6 +95,9 @@ END {
             return
         }
         "Package" {
+            if($CopyManifest) {
+                Copy-Manifest -signed:$Signed
+            }
             Start-CreatePackage -signed:$Signed
         }
         "Test" {
diff --git a/build.psm1 b/build.psm1
@@ -767,6 +767,32 @@ function Copy-CrossCompatibilityModule
     }
 }
 
+# copy the manifest into the module if is present
+function Copy-Manifest
+{
+    param ( [switch]$signed )
+    if ( $signed ) {
+        $buildRoot = "signed"
+    }
+    else {
+        $buildRoot = "out"
+    }
+    $analyzerVersion = Get-AnalyzerVersion
+    # location where analyzer goes
+    # debugging
+    (Get-ChildItem -File -Recurse)|ForEach-Object {Write-Verbose -Verbose -Message $_}
+    $modBaseDir = [io.path]::Combine($projectRoot,${buildRoot},"${analyzerName}", $analyzerVersion)
+    # copy the manifest files
+    Push-Location $buildRoot
+    if ( Test-Path _manifest ) {
+        Copy-Item -Recurse -Path _manifest -Destination $modBaseDir -Verbose
+    }
+    else {
+        Write-Warning -Message "_manifest not found in $PWD"
+    }
+    Pop-Location
+}
+
 # creates the nuget package which can be used for publishing to the gallery
 function Start-CreatePackage
 {
@@ -783,6 +809,7 @@ function Start-CreatePackage
         $nupkgDir = Join-Path $PSScriptRoot $buildRoot
         $null = Register-PSRepository -Name $repoName -InstallationPolicy Trusted -SourceLocation $nupkgDir
         Push-Location $nupkgDir
+
         Publish-Module -Path $PWD/PSScriptAnalyzer -Repository $repoName
     }
     finally {
