Run APIScan after packaging on the packages (#2730)

mono · Feb 6, 2024 · b799054 · b799054
1 parent 39d0829
commit b799054
Show file tree

Hide file tree

Showing 5 changed files with 29 additions and 10 deletions.
diff --git a/native/windows/build.cake b/native/windows/build.cake
@@ -54,7 +54,7 @@ Task("libSkiaSharp")
             clang +
             win_vcvars_version +
             $"extra_cflags=[ '-DSKIA_C_DLL', '/MT{d}', '/EHsc', '/Z7', '-D_HAS_AUTO_PTR_ETC=1' ] " +
-            $"extra_ldflags=[ '/DEBUG:FULL' ] " +
+            $"extra_ldflags=[ '/DEBUG:FULL', '/DEBUGTYPE:CV,FIXUP' ] " +
             ADDITIONAL_GN_ARGS);
 
         var outDir = OUTPUT_PATH.Combine($"{VARIANT}/{dir}");

diff --git a/native/windows/libHarfBuzzSharp/libHarfBuzzSharp.vcxproj b/native/windows/libHarfBuzzSharp/libHarfBuzzSharp.vcxproj
@@ -148,6 +148,7 @@
     </ClCompile>
     <Link>
       <SubSystem>Windows</SubSystem>
+      <AdditionalOptions>/DEBUGTYPE:CV,FIXUP</AdditionalOptions>
     </Link>
   </ItemDefinitionGroup>
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
@@ -163,6 +164,7 @@
     </ClCompile>
     <Link>
       <SubSystem>Windows</SubSystem>
+      <AdditionalOptions>/DEBUGTYPE:CV,FIXUP</AdditionalOptions>
     </Link>
   </ItemDefinitionGroup>
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'">
@@ -178,6 +180,7 @@
     </ClCompile>
     <Link>
       <SubSystem>Windows</SubSystem>
+      <AdditionalOptions>/DEBUGTYPE:CV,FIXUP</AdditionalOptions>
     </Link>
   </ItemDefinitionGroup>
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
@@ -197,6 +200,7 @@
       <SubSystem>Windows</SubSystem>
       <EnableCOMDATFolding>true</EnableCOMDATFolding>
       <OptimizeReferences>true</OptimizeReferences>
+      <AdditionalOptions>/DEBUGTYPE:CV,FIXUP</AdditionalOptions>
     </Link>
   </ItemDefinitionGroup>
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
@@ -216,6 +220,7 @@
       <SubSystem>Windows</SubSystem>
       <EnableCOMDATFolding>true</EnableCOMDATFolding>
       <OptimizeReferences>true</OptimizeReferences>
+      <AdditionalOptions>/DEBUGTYPE:CV,FIXUP</AdditionalOptions>
     </Link>
   </ItemDefinitionGroup>
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'">
@@ -235,6 +240,7 @@
       <SubSystem>Windows</SubSystem>
       <EnableCOMDATFolding>true</EnableCOMDATFolding>
       <OptimizeReferences>true</OptimizeReferences>
+      <AdditionalOptions>/DEBUGTYPE:CV,FIXUP</AdditionalOptions>
     </Link>
   </ItemDefinitionGroup>
   <ItemGroup>

diff --git a/scripts/azure-pipelines-variables.yml b/scripts/azure-pipelines-variables.yml
@@ -1,4 +1,5 @@
 variables:
+  SKIASHARP_MAJOR_VERSION: 3
   SKIASHARP_VERSION: 3.0.0
   FEATURE_NAME_PREFIX: 'feature/'
   VERBOSITY: normal

diff --git a/scripts/azure-pipelines.yml b/scripts/azure-pipelines.yml
@@ -37,6 +37,9 @@ parameters:
       pool:
         name: Azure Pipelines
         vmImage: ubuntu-20.04
+  - name: runCompliance
+    type: boolean
+    default: false
 
 variables:
   - template: azure-pipelines-variables.yml
@@ -54,6 +57,7 @@ stages:
     parameters:
       buildPipelineType: 'build'
       buildExternals: ${{ parameters.buildExternals }}
+      runCompliance: ${{ parameters.runCompliance }}
       VM_IMAGE_HOST: ${{ parameters.VM_IMAGE_HOST }}
       VM_IMAGE_WINDOWS: ${{ parameters.VM_IMAGE_WINDOWS }}
       VM_IMAGE_WINDOWS_NATIVE: ${{ parameters.VM_IMAGE_WINDOWS }}

diff --git a/scripts/azure-templates-stages.yml b/scripts/azure-templates-stages.yml
@@ -880,18 +880,14 @@ stages:
     - template: security/full/v1.yml@xamarin-templates
       parameters:
         stageDependsOn:
-          - managed
-          - native_windows
-          - native_macos
-          - native_linux
-          - native_wasm
+          - package
         complianceEnabled: true
         complianceTimeoutInMinutes: 480
         scanArtifacts:
-          - managed
-          - native
+          - nuget
+          - nuget_symbols
         antiMalwareEnabled: true
-        binSkimEnabled: true
+        binSkimEnabled: false
         policheckExclusionFile: $(Build.SourcesDirectory)\scripts\guardian\PoliCheckExclusions.xml
         policheckGdnSuppressionFilesFolder: $(Build.SourcesDirectory)\scripts\guardian
         credScanEnabled: true
@@ -902,7 +898,19 @@ stages:
         enableCodeInspector: true
         apiScanEnabled: true
         apiScanSoftwareName: 'SkiaSharp'
-        apiScanSoftwareVersionNum: $(Build.BuildNumber)
+        apiScanSoftwareVersionNum: $(SKIASHARP_MAJOR_VERSION)
+        apiScanPreserveLogsFolder: true
+        preScanSteps:
+          - pwsh: |
+              $nupkgs = (Get-ChildItem "$(Build.ArtifactStagingDirectory)\binaries-to-scan\*\*.*nupkg")
+              foreach ($nupkg in $nupkgs) {
+                $filename = $nupkg.Name.TrimEnd('.nupkg')
+                $dest = "$(Build.ArtifactStagingDirectory)\binaries-to-scan\nuget_symbols-extracted\$filename"
+                Write-Host "Extracting '$nupkg' to '$dest'..."
+                Expand-Archive $nupkg $dest
+                Remove-Item $nupkg
+              }
+            displayName: Extract all the .nupkg files
 
   - ${{ if eq(parameters.buildPipelineType, 'tests') }}:
     - stage: finalize